CVE-2023-36607

🗓️ 29 Jun 2023 20:30:13Reported by icscertType

The TBox RTUs have missing authorization for certain API commands, enabling an attacker to reveal sensitive information

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-36607	30 Jun 202300:14	–	circl
CNNVD	Ovarro TBox RTU 安全漏洞	29 Jun 202300:00	–	cnnvd
Cvelist	CVE-2023-36607 CVE-2023-36607	29 Jun 202320:30	–	cvelist
EUVD	EUVD-2023-40552	3 Oct 202520:07	–	euvd
ICS	Ovarro TBox RTUs	29 Jun 202306:00	–	ics
NVD	CVE-2023-36607	29 Jun 202321:15	–	nvd
OSV	CVE-2023-36607	29 Jun 202321:15	–	osv
Prion	Authorization	29 Jun 202321:15	–	prion
Positive Technologies	PT-2023-25628 · Tbox Rtus · Tbox Rtus	29 Jun 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-36607 CVE-2023-36607	29 Jun 202320:30	–	vulnrichment

NVD

Vulners

Vulnrichment

Node

ovarro tbox_ms-cpu32_firmwareRange≤1.50.598

AND

ovarro tbox_ms-cpu32Match-

Node

ovarro tbox_ms-cpu32-s2_firmwareRange≤1.50.598

AND

ovarro tbox_ms-cpu32-s2Match-

Node

ovarro tbox_lt2_firmwareRange≤1.50.598

AND

ovarro tbox_lt2Match-

Node

ovarro tbox_tg2_firmwareRange≤1.50.598

AND

ovarro tbox_tg2Match-

Node

ovarro tbox_rm2_firmwareRange≤1.50.598

AND

ovarro tbox_rm2Match-

[
  {
    "defaultStatus": "unaffected",
    "product": "TBox RM2",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TBox TG2",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TBox LT2",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TBox MS-CPU32-S2",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TBox MS-CPU32",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-180-03

21 Nov 2024 08:10Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.3

EPSS0.00115

SSVC

CWE-862