Vulnerabilities > CVE-2023-36611 - Unspecified vulnerability in Ovarro products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ovarro

NVD

Published: 2023-07-03

Updated: 2024-11-21

Summary

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.

Vulnerable Configurations

Part	Description	Count
OS	Ovarro Ovarro Tbox MS Cpu32 Firmware - Ovarro Tbox MS Cpu32 S2 Firmware - Ovarro Tbox LT2 Firmware - Ovarro Tbox LT2 Firmware 1.46 Ovarro Tbox LT2 Firmware 1.50.598 Ovarro Tbox TG2 Firmware - Ovarro Tbox RM2 Firmware -	7
Hardware	Ovarro Ovarro Tbox MS Cpu32 - Ovarro Tbox MS Cpu32 S2 - Ovarro Tbox LT2 - Ovarro Tbox TG2 - Ovarro Tbox RM2 -	5

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03