The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
References
| Link | Resource |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 | Mitigation Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
History
07 Jul 2023, 18:43
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_rm2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_tg2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_lt2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:*:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 - Mitigation, Third Party Advisory, US Government Resource | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
29 Jun 2023, 23:57
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-29 21:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-36607
Mitre link : CVE-2023-36607
CVE.ORG link : CVE-2023-36607
JSON object : View
Products Affected
ovarro
- tbox_rm2_firmware
- tbox_rm2
- tbox_ms-cpu32
- tbox_ms-cpu32-s2
- tbox_tg2
- tbox_lt2
- tbox_ms-cpu32_firmware
- tbox_lt2_firmware
- tbox_ms-cpu32-s2_firmware
- tbox_tg2_firmware
CWE
CWE-862
Missing Authorization