Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for TBox MS-CPU32-S2 by Ovarro

    CVE-2023-36607 (GCVE-0-2023-36607)

    Vulnerability from nvd – Published: 2023-06-29 20:30 – Updated: 2024-11-26 19:21
    VLAI
    Title
    CVE-2023-36607
    Summary
    The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox RM2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox MS-CPU32-S2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox MS-CPU32 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    ovarro tbox_rm2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_tg2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_lt2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_ms-cpu32-s2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_ms-cpu32 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-06-29 20:28
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:53.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_rm2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_tg2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_lt2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_ms-cpu32-s2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tbox_ms-cpu32",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36607",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T19:19:20.721532Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T19:21:53.870Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T20:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\u003c/p\u003e"
                }
              ],
              "value": "The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\n\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T20:30:13.093Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-36607",
          "x_generator": {
            "engine": "VINCE 2.1.2",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-36607"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-36607",
        "datePublished": "2023-06-29T20:30:13.093Z",
        "dateReserved": "2023-06-23T20:39:08.360Z",
        "dateUpdated": "2024-11-26T19:21:53.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36607 (GCVE-0-2023-36607)

    Vulnerability from cvelistv5 – Published: 2023-06-29 20:30 – Updated: 2024-11-26 19:21
    VLAI
    Title
    CVE-2023-36607
    Summary
    The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ovarro TBox RM2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox TG2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox LT2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox MS-CPU32-S2 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    Ovarro TBox MS-CPU32 Affected: 0 , ≤ 1.50.598 (custom)
    Create a notification for this product.
    ovarro tbox_rm2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_tg2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_lt2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_ms-cpu32-s2 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    ovarro tbox_ms-cpu32 Affected: 0 , ≤ 1.50.598 (custom)
        cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-06-29 20:28
    Credits
    Floris Hendriks Jeroen Wijenbergh Radboud University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:53.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_rm2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_tg2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_lt2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tbox_ms-cpu32-s2",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tbox_ms-cpu32",
                "vendor": "ovarro",
                "versions": [
                  {
                    "lessThanOrEqual": "1.50.598",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36607",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T19:19:20.721532Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T19:21:53.870Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TBox RM2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox TG2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox LT2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32-S2",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TBox MS-CPU32",
              "vendor": "Ovarro",
              "versions": [
                {
                  "lessThanOrEqual": "1.50.598",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Floris Hendriks"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jeroen Wijenbergh"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Radboud University"
            }
          ],
          "datePublic": "2023-06-29T20:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\u003c/p\u003e"
                }
              ],
              "value": "The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\n\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T20:30:13.093Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-36607",
          "x_generator": {
            "engine": "VINCE 2.1.2",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-36607"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-36607",
        "datePublished": "2023-06-29T20:30:13.093Z",
        "dateReserved": "2023-06-23T20:39:08.360Z",
        "dateUpdated": "2024-11-26T19:21:53.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }