
CVE-2023-36610

Published: Jul 3, 2023
Modified: Nov 21, 2024

CVSS score: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.

Affected (5)

5 products
Tbox Ms Cpu32 Firmware
Tbox Ms Cpu32 S2 Firmware
Tbox Lt2 Firmware
Tbox Tg2 Firmware
Tbox Rm2 Firmware
Configuration A (1 vulnerable, 1 platform)
Vulnerable software, affected versions: up to 1.50.598
Running on/with platform: Ovarro Tbox Ms Cpu32, all versions

Configuration B (1 vulnerable, 1 platform)
Vulnerable software, affected versions: up to 1.50.598
Running on/with platform: Ovarro Tbox Ms Cpu32 S2, all versions

Configuration C (1 vulnerable, 1 platform)
Vulnerable software, affected versions: up to 1.50.598
Running on/with platform: Ovarro Tbox Lt2, all versions

Configuration D (1 vulnerable, 1 platform)
Vulnerable software, affected versions: up to 1.50.598
Running on/with platform: Ovarro Tbox Tg2, all versions

Configuration E (1 vulnerable, 1 platform)
Vulnerable software, affected versions: up to 1.50.598
Running on/with platform: Ovarro Tbox Rm2, all versions

References (2)

Source: ics-cert@hq.dhs.gov
Tags: Mitigation, Third Party Advisory, US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Tags: Mitigation, Third Party Advisory, US Government Resource
