CVE-2023-47611

HIGH

Telit Cinterion BGS5 EHS5/6/8 PDS5/6/8 ELS61/81 PLS62 - Privilege Escalation to Manufacturer Level

Title source: llm

Description

A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.

References (1)

Core 1

Core References

Third Party Advisory third-party-advisory

https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/

Scores

CVSS v3 7.8

EPSS 0.0021

EPSS Percentile 11.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (10)

telit/bgs5_firmware

telit/ehs5_firmware

telit/ehs6_firmware

telit/ehs8_firmware

telit/els61_firmware

telit/els81_firmware

telit/pds5_firmware

telit/pds6_firmware

telit/pds8_firmware

telit/pls62_firmware

Published Nov 10, 2023

Tracked Since Feb 18, 2026