CVE-2023-47614

LOW

Telit Cinterion BGS5 EHS5/6/8 PDS5/6/8 ELS61/81 PLS62 - Unauthorized Sensitive Information Exposure

Title source: llm

Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.

References (1)

Core 1

Core References

Third Party Advisory third-party-advisory

https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/

Scores

CVSS v3 3.3

EPSS 0.0021

EPSS Percentile 11.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (10)

telit/bgs5_firmware

telit/ehs5_firmware

telit/ehs6_firmware

telit/ehs8_firmware

telit/els61_firmware

telit/els81_firmware

telit/pds5_firmware

telit/pds6_firmware

telit/pds8_firmware

telit/pls62_firmware

Published Nov 10, 2023

Tracked Since Feb 18, 2026