Search criteria
2 vulnerabilities found for TBox MS-CPU32-S2 by Ovarro
CVE-2023-36607 (GCVE-0-2023-36607)
Vulnerability from cvelistv5 – Published: 2023-06-29 20:30 – Updated: 2024-11-26 19:21
VLAI?
Title
CVE-2023-36607
Summary
The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ovarro | TBox RM2 |
Affected:
0 , ≤ 1.50.598
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Floris Hendriks
Jeroen Wijenbergh
Radboud University
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:53.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_rm2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_tg2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_lt2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_ms-cpu32-s2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tbox_ms-cpu32",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T19:19:20.721532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T19:21:53.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TBox RM2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox TG2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox LT2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox MS-CPU32-S2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox MS-CPU32",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Floris Hendriks"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jeroen Wijenbergh"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Radboud University"
}
],
"datePublic": "2023-06-29T20:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\u003c/p\u003e"
}
],
"value": "The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T20:30:13.093Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-36607",
"x_generator": {
"engine": "VINCE 2.1.2",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-36607"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-36607",
"datePublished": "2023-06-29T20:30:13.093Z",
"dateReserved": "2023-06-23T20:39:08.360Z",
"dateUpdated": "2024-11-26T19:21:53.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36607 (GCVE-0-2023-36607)
Vulnerability from nvd – Published: 2023-06-29 20:30 – Updated: 2024-11-26 19:21
VLAI?
Title
CVE-2023-36607
Summary
The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ovarro | TBox RM2 |
Affected:
0 , ≤ 1.50.598
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Floris Hendriks
Jeroen Wijenbergh
Radboud University
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:53.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_rm2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_tg2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_lt2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_ms-cpu32-s2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tbox_ms-cpu32",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T19:19:20.721532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T19:21:53.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TBox RM2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox TG2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox LT2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox MS-CPU32-S2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox MS-CPU32",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Floris Hendriks"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jeroen Wijenbergh"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Radboud University"
}
],
"datePublic": "2023-06-29T20:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\u003c/p\u003e"
}
],
"value": "The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T20:30:13.093Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-36607",
"x_generator": {
"engine": "VINCE 2.1.2",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-36607"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-36607",
"datePublished": "2023-06-29T20:30:13.093Z",
"dateReserved": "2023-06-23T20:39:08.360Z",
"dateUpdated": "2024-11-26T19:21:53.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}