CVE-2023-47610 : What You Need to Know

Learn about CVE-2023-47610, a CWE-120 vulnerability in Telit Cinterion products allowing remote code execution. Follow mitigation steps and updates for protection.

This article provides detailed information about CVE-2023-47610, a vulnerability affecting Telit Cinterion devices that could allow remote attackers to execute arbitrary code.

Understanding CVE-2023-47610

CVE-2023-47610 is a CWE-120: Buffer Copy without Checking Size of Input vulnerability impacting various Telit Cinterion products.

What is CVE-2023-47610?

A CWE-120 vulnerability exists in Telit Cinterion BGS5, EHS5/6/8, PDS5/6/8, ELS61/81, and PLS62. It could enable remote unauthenticated attackers to execute arbitrary code by sending a specially crafted SMS message.

The Impact of CVE-2023-47610

The vulnerability has a CVSS base score of 8.1, indicating a high severity level. Attackers can exploit it over the network without requiring privileges, leading to high confidentiality, integrity, and availability impacts.

Technical Details of CVE-2023-47610

Vulnerability Description

Telit Cinterion devices are susceptible to a buffer overflow vulnerability due to improper input size validation, allowing attackers to run malicious code remotely.
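An added illustration of the CWE-120 pattern described above, next to a length-checked version. It is not Telit Cinterion code: the message layout, function names, buffer size and sample messages are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout, for illustration only: [type:1][len:1][payload:len] */
#define HDR_LEN   2u
#define FIELD_CAP 16u
enum { COPY_OK = 0, ERR_TRUNCATED = -1, ERR_OVERREAD = -2, ERR_TOO_BIG = -3 };

/* CWE-120 pattern: the sender-controlled length byte drives the copy. */
void copy_field_unchecked(const uint8_t *msg, uint8_t *out)
{
    memcpy(out, msg + HDR_LEN, msg[1]); /* up to 255 bytes, whatever out holds */
}

/* Hardened form: length is checked against both the input and the output. */
int copy_field_checked(const uint8_t *msg, size_t msg_len,
                       uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (msg_len < HDR_LEN) return ERR_TRUNCATED;            /* no full header */
    size_t declared = msg[1];
    if (declared > msg_len - HDR_LEN) return ERR_OVERREAD;  /* claims more than received */
    if (declared > out_cap) return ERR_TOO_BIG;             /* would overflow out */
    memcpy(out, msg + HDR_LEN, declared);
    *out_len = declared;
    return COPY_OK;
}

/* Constructed sample messages; returns the checked-copy status for one of them. */
int check_sample(int which)
{
    static const uint8_t ok[]       = { 0x01, 0x03, 'a', 'b', 'c' };
    static const uint8_t overread[] = { 0x01, 0x08, 'a', 'b' };
    static const uint8_t too_big[HDR_LEN + 32] = { 0x01, 32 };
    uint8_t field[FIELD_CAP];
    size_t n = 0;
    switch (which) {
    case 0:  return copy_field_checked(ok, sizeof ok, field, sizeof field, &n);
    case 1:  return copy_field_checked(overread, sizeof overread, field, sizeof field, &n);
    case 2:  return copy_field_checked(too_big, sizeof too_big, field, sizeof field, &n);
    default: return copy_field_checked(ok, 1, field, sizeof field, &n);
    }
}

int main(void)
{
    for (int i = 0; i < 4; i++) printf("sample %d -> %d\n", i, check_sample(i));
    return 0;
}
```

The checked version rejects a message whose declared length exceeds either the bytes actually received or the destination capacity, which are the two conditions the unchecked copy never tests.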

Affected Systems and Versions

Products affected include BGS5, EHS5/6/8, PDS5/6/8, ELS61/81, and PLS62 from Telit Cinterion.

Exploitation Mechanism

Attackers can exploit this vulnerability by sending a specially crafted SMS message to the target system, enabling them to execute arbitrary code.

Mitigation and Prevention

Immediate Steps to Take

To mitigate the risk, contact the mobile operator to disable SMS message reception on the affected devices. Additionally, using a private APN with enhanced security settings can reduce the impact of an exploit.

Long-Term Security Practices

Ensure thorough security configurations for devices connected to public networks and review the security setup for devices already using private APNs.

Patching and Updates

Stay updated with security patches and enhancements provided by Telit Cinterion to address CVE-2023-47610.
