6.5
CVE-2023-36611
- EPSS 0.08%
- Veröffentlicht 03.07.2023 21:15:10
- Zuletzt bearbeitet 21.11.2024 08:10:04
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginThe affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ovarro ≫ Tbox Ms-cpu32 Firmware Version <= 1.50.598
Ovarro ≫ Tbox Ms-cpu32-s2 Firmware Version <= 1.50.598
Ovarro ≫ Tbox Lt2 Firmware Version <= 1.50.598
Ovarro ≫ Tbox Tg2 Firmware Version <= 1.50.598
Ovarro ≫ Tbox Rm2 Firmware Version <= 1.50.598
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.245 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| ics-cert@hq.dhs.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.