Search
Find a vulnerability
Search criteria
2 vulnerabilities found for TBox MS-CPU32-S2 by Ovarro
CVE-2023-36607 (GCVE-0-2023-36607)
Vulnerability from nvd – Published: 2023-06-29 20:30 – Updated: 2024-11-26 19:21
VLAI
Title
CVE-2023-36607
Summary
The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Ovarro | TBox RM2 |
Affected:
0 , ≤ 1.50.598
(custom)
|
|
| Ovarro | TBox TG2 |
Affected:
0 , ≤ 1.50.598
(custom)
|
|
| Ovarro | TBox LT2 |
Affected:
0 , ≤ 1.50.598
(custom)
|
|
| Ovarro | TBox MS-CPU32-S2 |
Affected:
0 , ≤ 1.50.598
(custom)
|
|
| Ovarro | TBox MS-CPU32 |
Affected:
0 , ≤ 1.50.598
(custom)
|
|
| ovarro | tbox_rm2 |
Affected:
0 , ≤ 1.50.598
(custom)
cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:* |
|
| ovarro | tbox_tg2 |
Affected:
0 , ≤ 1.50.598
(custom)
cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:* |
|
| ovarro | tbox_lt2 |
Affected:
0 , ≤ 1.50.598
(custom)
cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:* |
|
| ovarro | tbox_ms-cpu32-s2 |
Affected:
0 , ≤ 1.50.598
(custom)
cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:* |
|
| ovarro | tbox_ms-cpu32 |
Affected:
0 , ≤ 1.50.598
(custom)
cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:* |
Date Public
2023-06-29 20:28
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:53.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_rm2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_tg2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_lt2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_ms-cpu32-s2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tbox_ms-cpu32",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T19:19:20.721532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T19:21:53.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TBox RM2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox TG2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox LT2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox MS-CPU32-S2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox MS-CPU32",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Floris Hendriks"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jeroen Wijenbergh"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Radboud University"
}
],
"datePublic": "2023-06-29T20:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\u003c/p\u003e"
}
],
"value": "The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T20:30:13.093Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-36607",
"x_generator": {
"engine": "VINCE 2.1.2",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-36607"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-36607",
"datePublished": "2023-06-29T20:30:13.093Z",
"dateReserved": "2023-06-23T20:39:08.360Z",
"dateUpdated": "2024-11-26T19:21:53.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36607 (GCVE-0-2023-36607)
Vulnerability from cvelistv5 – Published: 2023-06-29 20:30 – Updated: 2024-11-26 19:21
VLAI
Title
CVE-2023-36607
Summary
The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Ovarro | TBox RM2 |
Affected:
0 , ≤ 1.50.598
(custom)
|
|
| Ovarro | TBox TG2 |
Affected:
0 , ≤ 1.50.598
(custom)
|
|
| Ovarro | TBox LT2 |
Affected:
0 , ≤ 1.50.598
(custom)
|
|
| Ovarro | TBox MS-CPU32-S2 |
Affected:
0 , ≤ 1.50.598
(custom)
|
|
| Ovarro | TBox MS-CPU32 |
Affected:
0 , ≤ 1.50.598
(custom)
|
|
| ovarro | tbox_rm2 |
Affected:
0 , ≤ 1.50.598
(custom)
cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:* |
|
| ovarro | tbox_tg2 |
Affected:
0 , ≤ 1.50.598
(custom)
cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:* |
|
| ovarro | tbox_lt2 |
Affected:
0 , ≤ 1.50.598
(custom)
cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:* |
|
| ovarro | tbox_ms-cpu32-s2 |
Affected:
0 , ≤ 1.50.598
(custom)
cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:* |
|
| ovarro | tbox_ms-cpu32 |
Affected:
0 , ≤ 1.50.598
(custom)
cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:* |
Date Public
2023-06-29 20:28
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:53.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_rm2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_tg2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_lt2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tbox_ms-cpu32-s2",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tbox_ms-cpu32",
"vendor": "ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T19:19:20.721532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T19:21:53.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TBox RM2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox TG2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox LT2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox MS-CPU32-S2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox MS-CPU32",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Floris Hendriks"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jeroen Wijenbergh"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Radboud University"
}
],
"datePublic": "2023-06-29T20:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\u003c/p\u003e"
}
],
"value": "The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T20:30:13.093Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-36607",
"x_generator": {
"engine": "VINCE 2.1.2",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-36607"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-36607",
"datePublished": "2023-06-29T20:30:13.093Z",
"dateReserved": "2023-06-23T20:39:08.360Z",
"dateUpdated": "2024-11-26T19:21:53.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}