Search by:
08 November 2023
KLCERT-22-194: Telit Cinterion (Thales/Gemalto) modules. Files or Directories Accessible to External Parties vulnerability
Vendor
Telit Cinterion
CVE
KLCERT
KLCERT-22-194
Timeline
Timeline
Kaspersky ICS CERT advisory published
08 November 2023
Vulnerability reported
February 2023
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories.
CVSS v3
Exploitability
Physical access is required
Integrity
High
Availability
High
Affected products
The following Telit products:
Mitigation
Kaspersky ICS CERT mitigation
Kaspersky publishes information on newly identified vulnerabilities in order to raise user awareness of the IT security threats detected. Kaspersky does not make any guarantees with respect to information received from vendors of products in which vulnerabilities have been identified, which is included in the following sections of the advisory: Affected Products, Vendor Mitigation.
Timeline
Kaspersky ICS CERT advisory published
08 November 2023
Vulnerability reported
February 2023