CVE-2023-36610
Summary
| CVE | CVE-2023-36610 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-03 21:15:00 UTC |
| Updated | 2023-11-07 04:16:00 UTC |
| Description | The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves. |
Risk And Classification
Problem Types: CWE-331
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ovarro | Tbox Lt2 | - | All | All | All |
| Operating System | Ovarro | Tbox Lt2 Firmware | All | All | All | All |
| Hardware | Ovarro | Tbox Ms-cpu32 | - | All | All | All |
| Hardware | Ovarro | Tbox Ms-cpu32-s2 | - | All | All | All |
| Operating System | Ovarro | Tbox Ms-cpu32-s2 Firmware | All | All | All | All |
| Operating System | Ovarro | Tbox Ms-cpu32 Firmware | All | All | All | All |
| Hardware | Ovarro | Tbox Rm2 | - | All | All | All |
| Operating System | Ovarro | Tbox Rm2 Firmware | All | All | All | All |
| Hardware | Ovarro | Tbox Tg2 | - | All | All | All |
| Operating System | Ovarro | Tbox Tg2 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Ovarro TBox RTUs | CISA | MISC | www.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.