Multiple vulnerabilities in Ovarro TBox RTUs
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2023-36607 CVE-2023-36609 CVE-2023-36610 CVE-2023-36611 CVE-2023-36608 CVE-2023-3395 |
| CWE-ID | CWE-862 CWE-829 CWE-331 CWE-285 CWE-327 CWE-256 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
TBox MS-CPU32 Hardware solutions / Firmware TBox MS-CPU32-S2 Hardware solutions / Firmware TBox TG2 Hardware solutions / Firmware TBox RM2 Hardware solutions / Firmware TBox LT2 Hardware solutions / Firmware |
| Vendor | Ovarro |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Missing Authorization
EUVDB-ID: #VU77822
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-36607
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to missing authorization for some API commands. A remote attacker can gain access to sensitive information on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTBox MS-CPU32: 1.50.598
TBox MS-CPU32-S2: 1.50.598
TBox TG2: 1.50.598
TBox RM2: 1.50.598
TBox LT2: 1.50.598
CPE2.3- cpe:2.3:h:ovarro:tbox_ms-cpu32:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_tg2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_tg2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_rm2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_rm2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox lt2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox lt2:1.50.598:*:*:*:*:*:*:*
http://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Inclusion of Functionality from Untrusted Control Sphere
EUVDB-ID: #VU77823
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-36609
CWE-ID:
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to inclusion of functionality from untrusted control sphere. A remote administrator can set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTBox MS-CPU32: 1.50.598
TBox MS-CPU32-S2: 1.50.598
TBox LT2: 1.50.598
TBox TG2: 1.50.598
TBox RM2: 1.50.598
CPE2.3- cpe:2.3:h:ovarro:tbox_ms-cpu32:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox lt2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox lt2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_tg2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_tg2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_rm2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_rm2:1.50.598:*:*:*:*:*:*:*
http://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Insufficient Entropy
EUVDB-ID: #VU77824
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-36610
CWE-ID:
CWE-331 - Insufficient Entropy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected TBox RTUs generate software security tokens using insufficient entropy. A remote attacker can brute-force the token and authenticate themselves.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTBox MS-CPU32: 1.50.598
TBox MS-CPU32-S2: 1.50.598
TBox LT2: 1.50.598
TBox TG2: 1.50.598
TBox RM2: 1.50.598
CPE2.3- cpe:2.3:h:ovarro:tbox_ms-cpu32:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox lt2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox lt2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_tg2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_tg2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_rm2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_rm2:1.50.598:*:*:*:*:*:*:*
http://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Authorization
EUVDB-ID: #VU77825
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-36611
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to improper authorization. A remote user can establish an SSH session and and access files requiring higher privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTBox MS-CPU32: 1.50.598
TBox MS-CPU32-S2: 1.50.598
TBox LT2: 1.50.598
TBox TG2: 1.50.598
TBox RM2: 1.50.598
CPE2.3- cpe:2.3:h:ovarro:tbox_ms-cpu32:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox lt2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox lt2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_tg2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_tg2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_rm2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_rm2:1.50.598:*:*:*:*:*:*:*
http://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU77826
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-36608
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected TBox RTUs store hashed passwords using MD5 encryption. A remote user can gain access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTBox MS-CPU32: 1.46 - 1.50.598
TBox MS-CPU32-S2: 1.46 - 1.50.598
TBox TG2: 1.46 - 1.50.598
TBox RM2: 1.46 - 1.50.598
TBox LT2: 1.46 - 1.50.598
CPE2.3- cpe:2.3:h:ovarro:tbox_ms-cpu32:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32:1.46:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:1.46:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_tg2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_tg2:1.46:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_tg2:1.50.598:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_rm2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox lt2:*:*:*:*:*:*:*:*
http://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Unprotected storage of credentials
EUVDB-ID: #VU77827
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-3395
CWE-ID:
CWE-256 - Unprotected Storage of Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to other users' credentials.
The vulnerability exists due to application stored credentials in plain text in the TWinSoft Configuration Tool. A remote user can obtain the plaintext password.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTBox MS-CPU32: All versions
TBox MS-CPU32-S2: All versions
TBox LT2: All versions
TBox TG2: All versions
TBox RM2: All versions
CPE2.3- cpe:2.3:h:ovarro:tbox_ms-cpu32:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox lt2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_tg2:*:*:*:*:*:*:*:*
- cpe:2.3:h:ovarro:tbox_rm2:*:*:*:*:*:*:*:*
http://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
