?The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 | Mitigation Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
07 Jul 2023, 21:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_tg2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_lt2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_rm2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:* |
|
References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 - Mitigation, Third Party Advisory, US Government Resource | |
First Time |
Ovarro tbox Ms-cpu32-s2 Firmware
Ovarro tbox Ms-cpu32 Firmware Ovarro tbox Ms-cpu32 Ovarro tbox Tg2 Firmware Ovarro tbox Lt2 Firmware Ovarro tbox Ms-cpu32-s2 Ovarro Ovarro tbox Tg2 Ovarro tbox Lt2 Ovarro tbox Rm2 Ovarro tbox Rm2 Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
03 Jul 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-03 21:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-36610
Mitre link : CVE-2023-36610
CVE.ORG link : CVE-2023-36610
JSON object : View
Products Affected
ovarro
- tbox_rm2
- tbox_lt2
- tbox_ms-cpu32_firmware
- tbox_ms-cpu32-s2
- tbox_rm2_firmware
- tbox_ms-cpu32-s2_firmware
- tbox_ms-cpu32
- tbox_lt2_firmware
- tbox_tg2
- tbox_tg2_firmware
CWE
CWE-331
Insufficient Entropy