CVE-2023-36610

CVSS 5.9 MEDIUMEPSS 0.4%CWE-331

The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

Ovarro · TBox LT2 Ovarro · TBox MS-CPU32 Ovarro · TBox MS-CPU32-S2 Ovarro · TBox RM2 Ovarro · TBox TG2

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03