09 November 2023
KLCERT-22-193: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor
Vendor
Telit Cinterion
-
CVE
-
KLCERT
KLCERT-22-193
Timeline
- Kaspersky ICS CERT advisory published: 09 November 2023
- Vulnerability reported: February 2023
Description
A CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81 and Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to gain access to sensitive data on that system.
CVSS v3
Exploitability
Physical access is required
Attack complexity
User interaction
Confidentiality
Integrity
None
Availability
None
Impact
Affected products
The following Telit products:
- Telit Cinterion BGS5 (All versions)
- Telit Cinterion EHS5/6/8 (All versions)
- Telit Cinterion PDS5/6/8 (All versions)
- Telit Cinterion ELS61/81 (All versions)
- Telit Cinterion PLS62 (All versions).
Mitigation
Kaspersky ICS CERT mitigation
Control physical access to the device at all stages of transportation to protect against the embedding of backdoors.
Kaspersky publishes information on newly identified vulnerabilities in order to raise user awareness of the IT security threats detected. Kaspersky does not make any guarantees with respect to information received from vendors of products in which vulnerabilities have been identified, which is included in the following sections of the advisory: Affected Products, Vendor Mitigation.