CVE-2023-36607

EPSS 0.1%
Veröffentlicht 29.06.2023 21:15:09
Zuletzt bearbeitet 21.11.2024 08:10:03
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ovarro ≫ Tbox Ms-cpu32 Firmware Version <= 1.50.598

Ovarro ≫ Tbox Ms-cpu32 Version-

Ovarro ≫ Tbox Ms-cpu32-s2 Firmware Version <= 1.50.598

Ovarro ≫ Tbox Ms-cpu32-s2 Version-

Ovarro ≫ Tbox Lt2 Firmware Version <= 1.50.598

Ovarro ≫ Tbox Lt2 Version-

Ovarro ≫ Tbox Tg2 Firmware Version <= 1.50.598

Ovarro ≫ Tbox Tg2 Version-

Ovarro ≫ Tbox Rm2 Firmware Version <= 1.50.598

Ovarro ≫ Tbox Rm2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.275

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2023-36607

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-36607

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-36607

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-36607