The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 | Mitigation Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
07 Jul 2023, 21:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_rm2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:* cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_tg2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_lt2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 - Mitigation, Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
03 Jul 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-03 21:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-36611
Mitre link : CVE-2023-36611
CVE.ORG link : CVE-2023-36611
JSON object : View
Products Affected
ovarro
- tbox_rm2_firmware
- tbox_rm2
- tbox_ms-cpu32
- tbox_ms-cpu32-s2
- tbox_tg2
- tbox_lt2
- tbox_ms-cpu32_firmware
- tbox_lt2_firmware
- tbox_ms-cpu32-s2_firmware
- tbox_tg2_firmware
CWE
CWE-285
Improper Authorization