Vulnerabilities > CVE-2023-36610 - Unspecified vulnerability in Ovarro products

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

ovarro

NVD

Published: 2023-07-03

Updated: 2024-11-21

Summary

?The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.

Vulnerable Configurations

Part	Description	Count
OS	Ovarro Ovarro Tbox MS Cpu32 Firmware - Ovarro Tbox MS Cpu32 S2 Firmware - Ovarro Tbox LT2 Firmware - Ovarro Tbox LT2 Firmware 1.46 Ovarro Tbox LT2 Firmware 1.50.598 Ovarro Tbox TG2 Firmware - Ovarro Tbox RM2 Firmware -	7
Hardware	Ovarro Ovarro Tbox MS Cpu32 - Ovarro Tbox MS Cpu32 S2 - Ovarro Tbox LT2 - Ovarro Tbox TG2 - Ovarro Tbox RM2 -	5

Summary

Vulnerable Configurations

References