Description
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.
References (1)
Core 1
Core References
Third Party Advisory third-party-advisory
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/
Scores
CVSS v3
8.1
EPSS
0.0278
EPSS Percentile
86.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-120
Status
published
Products (10)
telit/bgs5_firmware
telit/ehs5_firmware
telit/ehs6_firmware
telit/ehs8_firmware
telit/els61_firmware
telit/els81_firmware
telit/pds5_firmware
telit/pds6_firmware
telit/pds8_firmware
telit/pls62_firmware
Published
Nov 09, 2023
Tracked Since
Feb 18, 2026