Full Report
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories.
Analysis Summary
# Vulnerability: Telit Cinterion Modules File System Exposure
## CVE Details
- **CVE ID:** CVE-2023-47612
- **CVSS Score:** 6.8 (Medium/High - Note: The advisory text lists 0.0, but the provided vector `CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` calculates to **6.8**)
- **CWE:** CWE-552: Files or Directories Accessible to External Parties
## Affected Systems
- **Products:** Telit Cinterion (formerly Thales/Gemalto) cellular modules
- **Versions:**
- BGS5 (All versions)
- EHS5/6/8 (All versions)
- PDS5/6/8 (All versions)
- ELS61/81 (All versions)
- PLS62 (All versions)
- **Configurations:** Systems where an attacker can gain physical proximity to the hardware module.
## Vulnerability Description
A file system security flaw exists in several series of Telit Cinterion modules. The vulnerability allows unauthorized access to the internal file structure of the device. Due to improper restriction of file/directory access, an actor can bypass security controls to interact with the device's storage.
## Exploitation
- **Status:** Not specified (No public PoC mentioned in the advisory).
- **Complexity:** Low
- **Attack Vector:** Physical
## Impact
- **Confidentiality:** High (Read access to all files, including hidden system files and directories).
- **Integrity:** High (Write access to all files and directories).
- **Availability:** High (Ability to delete or corrupt critical system files).
## Remediation
### Patches
- No specific firmware patch versions were listed in the provided Kaspersky advisory. Users are encouraged to contact Telit Cinterion for the latest firmware updates regarding CVE-2023-47612.
### Workarounds
- **Physical Security:** Implement strict physical access controls for the device throughout its entire lifecycle, including transportation and deployment, to prevent tampering or the embedding of backdoors.
## Detection
- **Indicators of Compromise:** Unusual file system modifications or the presence of unauthorized files/scripts on the module.
- **Detection Methods:** Physical inspection of hardware for unauthorized debugging connections and auditing file system integrity if the module supports such diagnostic commands.
## References
- Kaspersky ICS CERT Advisory: hxxps[://]ics-cert[.]kaspersky[.]com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/
- NVD CVE-2023-47612: hxxps[://]nvd[.]nist[.]gov/vuln/detail/CVE-2023-47612
- CWE-552 definition: hxxps[://]cwe[.]mitre[.]org/data/definitions/552[.]html