CVE-2023-3395

CVSS 6.5 MEDIUMEPSS 0.3%CWE-256

All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Productos afectados

Ovarro · TBox LT2 Ovarro · TBox MS-CPU32 Ovarro · TBox MS-CPU32-S2 Ovarro · TBox RM2 Ovarro · TBox TG2

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03