Lucene search

[email protected]CVE-2023-3395

HistoryJul 03, 2023 - 9:15 p.m.

CVE-2023-3395

2023-07-0321:15:10

CWE-312

CWE-256

[email protected]

web.nvd.nist.gov

cve-2023-3395

twinsoft configuration tool

plaintext passwords

memory encryption

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.

Affected configurations

NVD

Node

ovarrotbox_ms-cpu32_firmwareMatch-

AND

ovarrotbox_ms-cpu32Match-

Node

ovarrotbox_ms-cpu32-s2_firmwareMatch-

AND

ovarrotbox_ms-cpu32-s2Match-

Node

ovarrotbox_lt2_firmwareMatch-

AND

ovarrotbox_lt2Match-

Node

ovarrotbox_tg2_firmwareMatch-

AND

ovarrotbox_tg2Match-

Node

ovarrotbox_rm2_firmwareMatch-

AND

ovarrotbox_rm2Match-

CPENameOperatorVersion
ovarro:tbox_ms-cpu32_firmwareovarro tbox ms-cpu32 firmwareeq-

CPE	Name	Operator	Version
ovarro:tbox_ms-cpu32_firmware	ovarro tbox ms-cpu32 firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "TBox MS-CPU32",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TBox MS-CPU32-S2",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TBox LT2",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TBox TG2",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TBox RM2",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-180-03

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for CVE-2023-3395

nvd1 prion1 cvelist1 ics1