Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities found for TBox MS-CPU32 by Ovarro

    CVE-2023-3395 (GCVE-0-2023-3395)

    Vulnerability from nvd – Published: 2023-07-03 20:04 – Updated: 2024-10-24 19:53
    VLAI
    Summary
    ​All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-256 - Plaintext Storage of a Password
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox MS-CPU32 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro ​TBox MS-CPU32-S2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox RM2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Date Public
    2023-06-29 18:00
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.225Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3395",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T19:53:22.213521Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T19:53:58.951Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "\u200bTBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u200bAll versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\n\u200bAll versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-256",
                  "description": "CWE-256 Plaintext Storage of a Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-03T20:04:17.653Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-3395",
        "datePublished": "2023-07-03T20:04:17.653Z",
        "dateReserved": "2023-06-23T20:42:39.795Z",
        "dateUpdated": "2024-10-24T19:53:58.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36611 (GCVE-0-2023-36611)

    Vulnerability from nvd – Published: 2023-07-03 20:03 – Updated: 2024-10-25 13:08
    VLAI
    Summary
    The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox MS-CPU32 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro ​TBox MS-CPU32-S2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox RM2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Date Public
    2023-06-29 18:00
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.051Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T13:04:51.270877Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:08:42.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "\u200bTBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with \u201cuser\u201d privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nThe affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with \u201cuser\u201d privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-03T20:03:07.721Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-36611",
        "datePublished": "2023-07-03T20:03:07.721Z",
        "dateReserved": "2023-06-23T20:39:08.361Z",
        "dateUpdated": "2024-10-25T13:08:42.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36610 (GCVE-0-2023-36610)

    Vulnerability from nvd – Published: 2023-07-03 20:01 – Updated: 2024-10-25 13:08
    VLAI
    Summary
    ​The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox MS-CPU32 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro ​TBox MS-CPU32-S2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox RM2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Date Public
    2023-06-29 18:00
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.193Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36610",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T13:04:55.721103Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:08:23.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "\u200bTBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u200bThe affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\n\u200bThe affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-331",
                  "description": "CWE-331 Insufficient Entropy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-03T20:01:31.978Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-36610",
        "datePublished": "2023-07-03T20:01:31.978Z",
        "dateReserved": "2023-06-23T20:39:08.361Z",
        "dateUpdated": "2024-10-25T13:08:23.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36609 (GCVE-0-2023-36609)

    Vulnerability from nvd – Published: 2023-07-03 19:59 – Updated: 2024-11-25 18:11
    VLAI
    Summary
    The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox MS-CPU32 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro ​TBox MS-CPU32-S2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox RM2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    ovarro tbox_ms-cpu32 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_ms-cpu32-s2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_tg2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_lt2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_rm2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-06-29 18:00
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:53.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_ms-cpu32",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_ms-cpu32-s2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_tg2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_lt2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_rm2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:08:41.527780Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T18:11:48.466Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "\u200bTBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nThe affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-03T19:59:08.547Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-36609",
        "datePublished": "2023-07-03T19:59:08.547Z",
        "dateReserved": "2023-06-23T20:39:08.361Z",
        "dateUpdated": "2024-11-25T18:11:48.466Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36608 (GCVE-0-2023-36608)

    Vulnerability from nvd – Published: 2023-07-03 19:55 – Updated: 2024-10-25 13:08
    VLAI
    Summary
    The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox MS-CPU32 Affected: 1.46 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro ​TBox MS-CPU32-S2 Affected: 1.46 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 1.46 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 1.46 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox RM2 Affected: 1.46 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Date Public
    2023-06-29 18:00
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.178Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36608",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T13:04:59.269687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:08:01.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "1.46",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "\u200bTBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "1.46",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "1.46",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "1.46",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "1.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.\u003c/span\u003e"
                }
              ],
              "value": "\nThe affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-03T19:55:21.309Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-36608",
        "datePublished": "2023-07-03T19:55:21.309Z",
        "dateReserved": "2023-06-23T20:39:08.360Z",
        "dateUpdated": "2024-10-25T13:08:01.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36607 (GCVE-0-2023-36607)

    Vulnerability from nvd – Published: 2023-06-29 20:30 – Updated: 2024-11-26 19:21
    VLAI
    Title
    CVE-2023-36607
    Summary
    The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox RM2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox MS-CPU32-S2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox MS-CPU32 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    ovarro tbox_rm2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_tg2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_lt2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_ms-cpu32-s2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_ms-cpu32 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-06-29 20:28
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:53.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_rm2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_tg2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_lt2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_ms-cpu32-s2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tbox_ms-cpu32",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36607",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T19:19:20.721532Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T19:21:53.870Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T20:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\u003c/p\u003e"
                }
              ],
              "value": "The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\n\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T20:30:13.093Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-36607",
          "x_generator": {
            "engine": "VINCE 2.1.2",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-36607"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-36607",
        "datePublished": "2023-06-29T20:30:13.093Z",
        "dateReserved": "2023-06-23T20:39:08.360Z",
        "dateUpdated": "2024-11-26T19:21:53.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3395 (GCVE-0-2023-3395)

    Vulnerability from cvelistv5 – Published: 2023-07-03 20:04 – Updated: 2024-10-24 19:53
    VLAI
    Summary
    ​All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-256 - Plaintext Storage of a Password
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox MS-CPU32 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro ​TBox MS-CPU32-S2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox RM2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Date Public
    2023-06-29 18:00
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.225Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3395",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T19:53:22.213521Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T19:53:58.951Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "\u200bTBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u200bAll versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\n\u200bAll versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-256",
                  "description": "CWE-256 Plaintext Storage of a Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-03T20:04:17.653Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-3395",
        "datePublished": "2023-07-03T20:04:17.653Z",
        "dateReserved": "2023-06-23T20:42:39.795Z",
        "dateUpdated": "2024-10-24T19:53:58.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36611 (GCVE-0-2023-36611)

    Vulnerability from cvelistv5 – Published: 2023-07-03 20:03 – Updated: 2024-10-25 13:08
    VLAI
    Summary
    The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox MS-CPU32 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro ​TBox MS-CPU32-S2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox RM2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Date Public
    2023-06-29 18:00
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.051Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T13:04:51.270877Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:08:42.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "\u200bTBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with \u201cuser\u201d privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nThe affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with \u201cuser\u201d privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-03T20:03:07.721Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-36611",
        "datePublished": "2023-07-03T20:03:07.721Z",
        "dateReserved": "2023-06-23T20:39:08.361Z",
        "dateUpdated": "2024-10-25T13:08:42.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36610 (GCVE-0-2023-36610)

    Vulnerability from cvelistv5 – Published: 2023-07-03 20:01 – Updated: 2024-10-25 13:08
    VLAI
    Summary
    ​The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox MS-CPU32 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro ​TBox MS-CPU32-S2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox RM2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Date Public
    2023-06-29 18:00
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.193Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36610",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T13:04:55.721103Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:08:23.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "\u200bTBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u200bThe affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\n\u200bThe affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-331",
                  "description": "CWE-331 Insufficient Entropy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-03T20:01:31.978Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-36610",
        "datePublished": "2023-07-03T20:01:31.978Z",
        "dateReserved": "2023-06-23T20:39:08.361Z",
        "dateUpdated": "2024-10-25T13:08:23.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36609 (GCVE-0-2023-36609)

    Vulnerability from cvelistv5 – Published: 2023-07-03 19:59 – Updated: 2024-11-25 18:11
    VLAI
    Summary
    The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox MS-CPU32 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro ​TBox MS-CPU32-S2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox RM2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    ovarro tbox_ms-cpu32 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_ms-cpu32-s2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_tg2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_lt2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_rm2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-06-29 18:00
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:53.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_ms-cpu32",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_ms-cpu32-s2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_tg2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_lt2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_rm2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:08:41.527780Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T18:11:48.466Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "\u200bTBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nThe affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-03T19:59:08.547Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-36609",
        "datePublished": "2023-07-03T19:59:08.547Z",
        "dateReserved": "2023-06-23T20:39:08.361Z",
        "dateUpdated": "2024-11-25T18:11:48.466Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36608 (GCVE-0-2023-36608)

    Vulnerability from cvelistv5 – Published: 2023-07-03 19:55 – Updated: 2024-10-25 13:08
    VLAI
    Summary
    The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox MS-CPU32 Affected: 1.46 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro ​TBox MS-CPU32-S2 Affected: 1.46 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 1.46 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 1.46 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox RM2 Affected: 1.46 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Date Public
    2023-06-29 18:00
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.178Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36608",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T13:04:59.269687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:08:01.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "1.46",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "\u200bTBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "1.46",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "1.46",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "1.46",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "1.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.\u003c/span\u003e"
                }
              ],
              "value": "\nThe affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-03T19:55:21.309Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-36608",
        "datePublished": "2023-07-03T19:55:21.309Z",
        "dateReserved": "2023-06-23T20:39:08.360Z",
        "dateUpdated": "2024-10-25T13:08:01.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36607 (GCVE-0-2023-36607)

    Vulnerability from cvelistv5 – Published: 2023-06-29 20:30 – Updated: 2024-11-26 19:21
    VLAI
    Title
    CVE-2023-36607
    Summary
    The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox RM2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox MS-CPU32-S2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox MS-CPU32 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    ovarro tbox_rm2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_tg2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_lt2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_ms-cpu32-s2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_ms-cpu32 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-06-29 20:28
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:53.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_rm2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_tg2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_lt2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_ms-cpu32-s2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tbox_ms-cpu32",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36607",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T19:19:20.721532Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T19:21:53.870Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T20:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\u003c/p\u003e"
                }
              ],
              "value": "The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\n\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T20:30:13.093Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-36607",
          "x_generator": {
            "engine": "VINCE 2.1.2",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-36607"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-36607",
        "datePublished": "2023-06-29T20:30:13.093Z",
        "dateReserved": "2023-06-23T20:39:08.360Z",
        "dateUpdated": "2024-11-26T19:21:53.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }