109 matches found
CVE-2023-40151 Red Lion Controls Sixnet RTU Exposed Dangerous Method Or Function
When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled UDR-A any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...
CVE-2023-36611
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...
CVE-2023-36610
The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...
Code injection
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...
CVE-2023-36608
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
Default configuration
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
CVE-2023-36611
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...
CVE-2023-36611
The CVE-2023-36611 issue affects Ovarro TBox RTUs and is described as an improper authorization vulnerability: low-privilege (user) access can reach higher-privilege software security tokens, potentially allowing access to files requiring higher privileges via SSH and token provisioning. Affected...
CVE-2023-36611
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...
CVE-2023-36610
The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...
CVE-2023-36610
The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...
CVE-2023-36610
The CVE-2023-36610 issue affects Ovarro TBox RTUs, where software security tokens are generated with insufficient entropy due to an uninitialized random seed and time-based values in other token components. This weakness can allow an attacker to brute-force tokens and authenticate, per multiple s...
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
CVE-2023-36609
CVE-2023-36609 affects Ovarro TBox RTUs where OpenVPN runs with root privileges and can execute user-defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script to the TBox host to gain root privileges. Mitigation from CISA/EU/NVD references: update ...
CVE-2023-36608
CVE-2023-36608 concerns the use of MD5 to hash stored passwords in Ovarro TBox RTUs. The root cause is an insecure cryptographic algorithm for password storage, affecting multiple TBox firmware lines (e.g., MS-CPU32, MS-CPU32-S2, LT2, TG2, RM2) with versions listed up to 1.50.598 and prior for so...
CVE-2023-36608
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...
CVE-2023-36608
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...
PT-2023-25632 · Tbox Rtus · Tbox Rtus
Name of the Vulnerable Software and Affected Versions: TBox RTUs affected versions not specified Description: The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of...