Full Report
A CWE-526 (Exposure of Sensitive Information Through Environmental Variables) vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, and Telit Cinterion PLS62 that could allow a local, low-privileged attacker to get access to sensitive data on the targeted system.
Analysis Summary
# Vulnerability: Sensitive Information Exposure in Telit Cinterion Modules
## CVE Details
- **CVE ID:** CVE-2023-47615
- **CVSS Score:** 3.3 (Low) - *Note: While the source text lists "0.0", the provided vector string (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) calculates to 3.3.*
- **CWE:** CWE-526 (Exposure of Sensitive Information Through Environmental Variables)
## Affected Systems
- **Products:**
  - Telit Cinterion BGS5
  - Telit Cinterion EHS5/6/8
  - Telit Cinterion PDS5/6/8
  - Telit Cinterion ELS61/81
  - Telit Cinterion PLS62
- **Versions:** All versions
- **Configurations:** Systems where untrusted MIDlets (Java ME applications) can be installed or where local access is available.
## Vulnerability Description
The affected Telit Cinterion modules fail to properly restrict access to environmental variables. This flaw allows a local attacker with low privileges to read sensitive data stored within these variables. In the context of these IoT modules, such variables often contain system configurations or secrets used by the operating environment and installed applications.
## Exploitation
- **Status:** Not reported as exploited in the wild; PoC not publicly provided in research.
- **Complexity:** Low
- **Attack Vector:** Local (Requires the ability to execute code or commands on the device, such as via a malicious MIDlet).
## Impact
- **Confidentiality:** Low (Access to sensitive environment data)
- **Integrity:** None
- **Availability:** None
## Remediation
### Patches
- As of the advisory date, no specific firmware versions were listed as patched. Users should contact the vendor (Telit/Thales) for the latest firmware updates regarding KLCERT-22-212.
### Workarounds
- **Application Signing:** Enforce strict application signature verification to prevent the installation and execution of unauthorized or untrusted MIDlets.
- **Supply Chain Security:** Control and monitor physical access to devices during transportation and storage to prevent the embedding of hardware backdoors or unauthorized software.
## Detection
- **Indicators of Compromise:** Presence of unauthorized or unsigned MIDlets on the system.
- **Detection Methods:** Audit system environment variable access logs (if supported) and verify the integrity of all installed Java applications against known-good hashes.
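
The integrity check described above can be scripted. The following is an added example, not code from the advisory or the vendor. It assumes the MIDlet `.jar`/`.jad` pairs have already been copied off the module into a local directory and that a known-good SHA-256 manifest exists; the JAD attribute names come from the MIDP 2.0 specification, and the function names and sample files are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

# JAD attributes that MIDP 2.0 defines for signed suites (not from the advisory).
SIG_ATTR = "MIDlet-Jar-RSA-SHA1"
CERT_PREFIX = "MIDlet-Certificate-"

def parse_jad(text):
    """Parse 'Name: value' descriptor lines into a dict."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {n.strip(): v.strip() for n, sep, v in pairs if sep and n.strip()}

def audit_midlets(app_dir, known_good):
    """Map each JAR in app_dir to its findings; known_good is {jar name: SHA-256 hex}."""
    report = {}
    for jar in sorted(Path(app_dir).glob("*.jar")):
        issues = []
        digest = hashlib.sha256(jar.read_bytes()).hexdigest()
        expected = known_good.get(jar.name)
        if expected is None:
            issues.append("not in allowlist")
        elif digest != expected.lower():
            issues.append("hash mismatch")
        jad = jar.with_suffix(".jad")
        attrs = parse_jad(jad.read_text(errors="replace")) if jad.exists() else {}
        # Presence check only: this does not validate the signature itself.
        if SIG_ATTR not in attrs or not any(k.startswith(CERT_PREFIX) for k in attrs):
            issues.append("no signature attributes")
        report[jar.name] = issues
    return report

def demo():
    """Run the audit over constructed sample files (not real MIDlets)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        signed = f"MIDlet-Name: Meter\n{SIG_ATTR}: AAAA\n{CERT_PREFIX}1-1: BBBB\n"
        for name, body, jad in [("meter.jar", b"good", signed),
                                ("tamper.jar", b"changed", signed),
                                ("extra.jar", b"unknown", "MIDlet-Name: X\n")]:
            (root / name).write_bytes(body)
            (root / name).with_suffix(".jad").write_text(jad)
        known = {"meter.jar": hashlib.sha256(b"good").hexdigest(),
                 "tamper.jar": hashlib.sha256(b"original").hexdigest()}
        return audit_midlets(root, known)

if __name__ == "__main__":
    for jar, issues in demo().items():
        print(jar, "OK" if not issues else "; ".join(issues))
```

A JAR with an empty findings list matches the manifest and carries signature attributes; any other result warrants manual review of that application.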
## References
- Kaspersky ICS CERT Advisory: hxxps[://]ics-cert[.]kaspersky[.]com/advisories/2023/11/09/klcert-22-212-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-through-environmental-variables/
- NVD CVE Detail: hxxps[://]nvd[.]nist[.]gov/vuln/detail/CVE-2023-47615
- CWE-526 Definition: hxxps[://]cwe[.]mitre[.]org/data/definitions/526[.]html