32 matches found
EUVD-2023-40555
Malicious code in bioql PyPI...
EUVD-2023-40554
Malicious code in bioql PyPI...
EUVD-2023-40556
Malicious code in bioql PyPI...
EUVD-2023-40553
Malicious code in bioql PyPI...
EUVD-2023-40552
Malicious code in bioql PyPI...
CVE-2023-36611
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...
CVE-2023-36610
The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...
Code injection
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
CVE-2023-36608
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...
Default configuration
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
CVE-2023-36611
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...
CVE-2023-36611
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...
CVE-2023-36610
The CVE-2023-36610 issue affects Ovarro TBox RTUs, where software security tokens are generated with insufficient entropy due to an uninitialized random seed and time-based values in other token components. This weakness can allow an attacker to brute-force tokens and authenticate, per multiple s...
CVE-2023-36610
The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...
CVE-2023-36610
The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
CVE-2023-36608
CVE-2023-36608 concerns the use of MD5 to hash stored passwords in Ovarro TBox RTUs. The root cause is an insecure cryptographic algorithm for password storage, affecting multiple TBox firmware lines (e.g., MS-CPU32, MS-CPU32-S2, LT2, TG2, RM2) with versions listed up to 1.50.598 and prior for so...
CVE-2023-36608
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...