CVE-2023-47610
published 2023-11-09CVE-2023-47610: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.69%
74.3th percentile
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2023-47610 is exploited via specially crafted binary SMS messages targeting the SUPL (User Plane Location) message handler on Telit Cinterion modems; monitor for unexpected or malformed binary SMS delivery to modem subscriber numbers ↗
- →The attack vector is the SMS messaging interface present on all affected modems; attacker only needs the subscriber number of the target modem — no authentication required, no physical access needed ↗
- →Operator-level binary SMS restrictions may be bypassed using a rogue/fake base station; detection should account for SMS originating from unexpected or spoofed base stations ↗
- →Successful exploitation grants deep OS-level access including RAM and flash memory manipulation on the modem — look for anomalous modem firmware behavior or unexpected memory writes post-SMS receipt ↗
- ·Telit fixed some but not all of the disclosed vulnerabilities; patching status should be verified per device variant before assuming remediation ↗
- ·Because the modems are embedded in third-party solutions, determining the full scope of impacted products across industrial, healthcare, and telecom sectors is non-trivial ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wv85-vm3v-v274: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8
ghsa_unreviewed·2023-11-09
CVE-2023-47610 [HIGH] CWE-120 GHSA-wv85-vm3v-v274: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.
CISA ICS
ABB Arctic Wireless Gateways
cisa_ics·2025-04-10·CVSS 8.1
[HIGH] ABB Arctic Wireless Gateways
ICS Advisory
##
ABB Arctic Wireless Gateways
Release DateApril 10, 2025
Alert CodeICSA-25-100-09
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: ABB
- Equipment: Arctic Wireless Gateways
- Vulnerabilities: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Improper Privilege Management, Exposure of Sensitive Information to an Unauthorized Actor, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities
No detection rules found.
No public exploits indexed.
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/
2023-11-09
Published