CVE-2023-47610

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-47610
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/ Third Party Advisory
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/ Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:30

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : 8.1
References () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/ - Third Party Advisory () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/ - Third Party Advisory

22 Jul 2024, 13:15

Type Values Removed Values Added
Summary (en) A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message. (en) A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.

16 Nov 2023, 17:19

Type Values Removed Values Added
First Time Telit pds8
Telit ehs6
Telit ehs5 Firmware
Telit pds6
Telit pds6 Firmware
Telit pds5 Firmware
Telit bgs5
Telit els81
Telit bgs5 Firmware
Telit pls62 Firmware
Telit ehs6 Firmware
Telit ehs8
Telit ehs5
Telit
Telit pds5
Telit pls62
Telit els61
Telit ehs8 Firmware
Telit els61 Firmware
Telit els81 Firmware
Telit pds8 Firmware
References () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/ - () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/ - Third Party Advisory
CWE CWE-120
CPE cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

09 Nov 2023, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-09 17:15

Updated : 2024-11-21 08:30

NVD link : CVE-2023-47610

Mitre link : CVE-2023-47610

CVE.ORG link : CVE-2023-47610

JSON object : View

Products Affected

telit

  • pls62
  • pds6
  • pds8
  • bgs5_firmware
  • ehs8_firmware
  • ehs6
  • els61_firmware
  • ehs8
  • bgs5
  • els81_firmware
  • pds8_firmware
  • ehs5
  • pds5_firmware
  • els81
  • ehs5_firmware
  • pls62_firmware
  • ehs6_firmware
  • pds5
  • pds6_firmware
  • els61
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024