CVE-2023-47611
📋 TL;DR
A local privilege escalation vulnerability in Telit Cinterion cellular modules allows low-privileged attackers to gain manufacturer-level privileges. This affects multiple Telit Cinterion product lines including BGS5, EHS5/6/8, PDS5/6/8, ELS61/81, and PLS62. Organizations using these modules in IoT/embedded devices are at risk.
💻 Affected Systems
- Telit Cinterion BGS5
- Telit Cinterion EHS5
- Telit Cinterion EHS6
- Telit Cinterion EHS8
- Telit Cinterion PDS5
- Telit Cinterion PDS6
- Telit Cinterion PDS8
- Telit Cinterion ELS61
- Telit Cinterion ELS81
- Telit Cinterion PLS62
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains full manufacturer-level control over the module, enabling firmware modification, data exfiltration, persistence, and use as a foothold into connected systems.
Likely Case
Local attacker elevates privileges to bypass security controls, access sensitive configuration data, and potentially compromise the entire device.
If Mitigated
With proper network segmentation and access controls, impact is limited to the specific module, though privilege escalation still occurs.
🎯 Exploit Status
Requires local access but low complexity for privilege escalation once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check with Telit Cinterion for specific firmware versions
Advisory (Kaspersky ICS CERT, KLCERT-22-216): https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/
Restart Required: Yes
Instructions:
1. Contact Telit Cinterion support for patched firmware.
2. Backup current configuration.
3. Apply firmware update via supported method (AT commands or management interface).
4. Verify update and restore configuration if needed.
🔧 Temporary Workarounds
Restrict Local Access
All platforms: Limit physical and logical access to module interfaces
Network Segmentation
All platforms: Isolate devices using these modules from critical networks
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized local access to modules
- Monitor for unusual AT command activity or privilege changes on affected devices
🔍 How to Verify
Check if Vulnerable:
Check firmware version against Telit Cinterion advisory. Attempt privilege escalation via documented methods if authorized.
Check Version:
AT+CGMR (check with module documentation for exact command)
Verify Fix Applied:
Verify firmware version is updated to patched version from vendor. Test privilege escalation attempts fail.
📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events
- AT commands attempting manufacturer-level operations from low-privileged users
Network Indicators:
- Unusual traffic from module interfaces
- Attempts to access restricted management interfaces
SIEM Query:
Search for AT command sequences containing privilege escalation patterns or manufacturer-level operations from non-privileged sources
🔗 References
- https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/