The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 | Mitigation Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
07 Jul 2023, 21:40
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 - Mitigation, Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_tg2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_lt2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_rm2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:* |
|
First Time |
Ovarro tbox Ms-cpu32-s2 Firmware
Ovarro tbox Ms-cpu32 Firmware Ovarro tbox Ms-cpu32 Ovarro tbox Tg2 Firmware Ovarro tbox Lt2 Firmware Ovarro tbox Ms-cpu32-s2 Ovarro Ovarro tbox Tg2 Ovarro tbox Lt2 Ovarro tbox Rm2 Ovarro tbox Rm2 Firmware |
03 Jul 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-03 21:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-36611
Mitre link : CVE-2023-36611
CVE.ORG link : CVE-2023-36611
JSON object : View
Products Affected
ovarro
- tbox_rm2
- tbox_lt2
- tbox_ms-cpu32_firmware
- tbox_ms-cpu32-s2
- tbox_rm2_firmware
- tbox_ms-cpu32-s2_firmware
- tbox_ms-cpu32
- tbox_lt2_firmware
- tbox_tg2
- tbox_tg2_firmware
CWE
CWE-285
Improper Authorization