CVE-2023-47610

Name of the Vulnerable Software and Affected Versions Telit Cinterion EHS5/6/8 (affected versions not specified) Telit Cinterion BGS5 (affected versions not specified) Telit Cinterion PDS5/6/8 (affected versions not specified)

Description A Buffer Copy without Checking Size of Input vulnerability exists in the Telit Cinterion modems, which could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message. The vulnerability is related to the User Plane Location (SUPL) message handler and is associated with a heap-based buffer overflow. This issue may expose industrial and healthcare sectors to remote attacks via SMS, allowing remote code execution without authentication.

Recommendations For Telit Cinterion EHS5/6/8, consider disabling the SMS message handler until a patch is available. For Telit Cinterion BGS5, restrict access to the SUPL message handler to minimize the risk of exploitation. For Telit Cinterion PDS5/6/8, avoid using the vulnerable message handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.