CVE-2023-47610 – This vulnerability allows remote unauthenticate... (How to Fix)

Q: What is the severity of CVE-2023-47610?

CVE-2023-47610 has a CVSS score of 8.1 (HIGH). This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Telit Cinterion EHS5/6/8 cellular modules by sending specially crafted SMS messages. The buffer overflow occurs when processing SMS input without proper size validation. Organizations using these cellular modules in IoT devices, industrial control systems, or embedded applications are affected.

📋 TL;DR

This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Telit Cinterion EHS5/6/8 cellular modules by sending specially crafted SMS messages. The buffer overflow occurs when processing SMS input without proper size validation. Organizations using these cellular modules in IoT devices, industrial control systems, or embedded applications are affected.

💻 Affected Systems

Products:

Telit Cinterion EHS5
Telit Cinterion EHS6
Telit Cinterion EHS8

Versions: All versions prior to patch

Operating Systems: Embedded cellular module firmware

Default Config Vulnerable: ⚠️ Yes

Notes: These modules are commonly used in IoT devices, automotive systems, industrial equipment, and medical devices.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the cellular module allowing attackers to execute arbitrary code, potentially gaining persistent access to connected systems, exfiltrating data, or disrupting operations.

🟠

Likely Case

Remote code execution leading to device compromise, data theft, or disruption of device functionality in vulnerable deployments.

🟢

If Mitigated

Limited impact with proper network segmentation and SMS filtering controls in place, though risk remains if modules are internet-facing.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending specially crafted SMS messages to vulnerable devices. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with Telit/Thales for specific patched firmware versions

Vendor Advisory: https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/

Restart Required: Yes

Instructions:

1. Contact Telit/Thales support for patched firmware. 2. Backup device configuration. 3. Apply firmware update via supported method (OTA or physical connection). 4. Verify update success. 5. Restart device.

🔧 Temporary Workarounds

SMS Filtering

all

Implement SMS filtering at the cellular carrier level to block malicious SMS messages

Network Segmentation

all

Isolate cellular modules from critical networks using firewalls and VLANs

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable devices
Deploy SMS filtering solutions to block suspicious SMS traffic

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against vendor advisory. Devices running unpatched firmware are vulnerable.

Check Version:

AT+CGMR (check with device documentation for exact command)

Verify Fix Applied:

Verify firmware version matches patched version from vendor advisory and test SMS handling functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual SMS processing errors
Device reboots or crashes after SMS receipt
Unexpected process execution

Network Indicators:

SMS messages with unusual payloads or sizes
Outbound connections from cellular modules to unexpected destinations

SIEM Query:

source="cellular_module" AND (event="sms_processing_error" OR event="device_crash")

📊 Metadata

CVE ID: CVE-2023-47610

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: November 9, 2023

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-47610, you might also want to check these: