The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2023-07-03T20:01:31.978Z
Updated: 2024-08-02T16:52:54.193Z
Reserved: 2023-06-23T20:39:08.361Z
Link: CVE-2023-36610
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-07-03T21:15:09.967
Modified: 2023-11-07T04:16:38.887
Link: CVE-2023-36610
Redhat
No data.