Lucene search
K

109 matches found

Cvelist
Cvelist
added 2023/11/21 12:11 a.m.23 views

CVE-2023-40151 Red Lion Controls Sixnet RTU Exposed Dangerous Method Or Function

When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled UDR-A any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...

10CVSS9.9AI score0.01149EPSS
Exploits0References2
NVD
NVD
added 2023/07/03 9:15 p.m.18 views

CVE-2023-36611

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...

6.5CVSS6.6AI score0.00509EPSS
Exploits0References1
NVD
NVD
added 2023/07/03 9:15 p.m.22 views

CVE-2023-36610

​The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...

5.9CVSS6AI score0.00511EPSS
Exploits0References1
Prion
Prion
added 2023/07/03 9:15 p.m.14 views

Code injection

?The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...

2.6CVSS6.2AI score0.00511EPSS
Exploits0References1Affected Software5
NVD
NVD
added 2023/07/03 8:15 p.m.18 views

CVE-2023-36608

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...

6.5CVSS6.7AI score0.0023EPSS
Exploits0References1
NVD
NVD
added 2023/07/03 8:15 p.m.30 views

CVE-2023-36609

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...

7.2CVSS6.9AI score0.00698EPSS
Exploits0References1
Prion
Prion
added 2023/07/03 8:15 p.m.27 views

Default configuration

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...

5.8CVSS6.8AI score0.00698EPSS
Exploits0References1Affected Software5
Vulnrichment
Vulnrichment
added 2023/07/03 8:3 p.m.10 views

CVE-2023-36611

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...

6.5CVSS6.9AI score0.00509EPSS
Exploits0References1
CVE
CVE
added 2023/07/03 8:3 p.m.32 views

CVE-2023-36611

The CVE-2023-36611 issue affects Ovarro TBox RTUs and is described as an improper authorization vulnerability: low-privilege (user) access can reach higher-privilege software security tokens, potentially allowing access to files requiring higher privileges via SSH and token provisioning. Affected...

6.5CVSS6.4AI score0.00509EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/07/03 8:3 p.m.21 views

CVE-2023-36611

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...

6.5CVSS6.7AI score0.00509EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/03 8:1 p.m.12 views

CVE-2023-36610

​The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...

5.9CVSS6.9AI score0.00511EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/03 8:1 p.m.34 views

CVE-2023-36610

​The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...

5.9CVSS5.9AI score0.00511EPSS
Exploits0References1
CVE
CVE
added 2023/07/03 8:1 p.m.35 views

CVE-2023-36610

The CVE-2023-36610 issue affects Ovarro TBox RTUs, where software security tokens are generated with insufficient entropy due to an uninitialized random seed and time-based values in other token components. This weakness can allow an attacker to brute-force tokens and authenticate, per multiple s...

5.9CVSS5.7AI score0.00511EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/03 7:59 p.m.12 views

CVE-2023-36609

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...

7.2CVSS6.6AI score0.00698EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/03 7:59 p.m.31 views

CVE-2023-36609

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...

7.2CVSS7.1AI score0.00698EPSS
Exploits0References1
CVE
CVE
added 2023/07/03 7:59 p.m.41 views

CVE-2023-36609

CVE-2023-36609 affects Ovarro TBox RTUs where OpenVPN runs with root privileges and can execute user-defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script to the TBox host to gain root privileges. Mitigation from CISA/EU/NVD references: update ...

7.2CVSS6.8AI score0.00698EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/03 7:55 p.m.34 views

CVE-2023-36608

CVE-2023-36608 concerns the use of MD5 to hash stored passwords in Ovarro TBox RTUs. The root cause is an insecure cryptographic algorithm for password storage, affecting multiple TBox firmware lines (e.g., MS-CPU32, MS-CPU32-S2, LT2, TG2, RM2) with versions listed up to 1.50.598 and prior for so...

6.5CVSS6.5AI score0.0023EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/03 7:55 p.m.15 views

CVE-2023-36608

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...

6.5CVSS7AI score0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/03 7:55 p.m.27 views

CVE-2023-36608

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...

6.5CVSS6.7AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/03 12:0 a.m.6 views

PT-2023-25632 · Tbox Rtus · Tbox Rtus

Name of the Vulnerable Software and Affected Versions: TBox RTUs affected versions not specified Description: The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of...

5.9CVSS5.5AI score0.00511EPSS
Exploits0References4
Rows per page
Query Builder