CVE-2023-36610 - OpenCVE

The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ovarro	Tbox Lt2 Tbox Lt2 Firmware Tbox Ms-cpu32 Tbox Ms-cpu32-s2 Tbox Ms-cpu32-s2 Firmware Tbox Ms-cpu32 Firmware Tbox Rm2 Tbox Rm2 Firmware Tbox Tg2 Tbox Tg2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ovarro:tbox_lt2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ovarro:tbox_tg2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ovarro:tbox_rm2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-07-03T20:01:31.978Z

Updated: 2024-08-02T16:52:54.193Z

Reserved: 2023-06-23T20:39:08.361Z

Link: CVE-2023-36610

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-07-03T21:15:09.967

Modified: 2023-11-07T04:16:38.887

Link: CVE-2023-36610

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36610", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-06-23T20:39:08.361Z", "datePublished": "2023-07-03T20:01:31.978Z", "dateUpdated": "2024-08-02T16:52:54.193Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TBox MS-CPU32", "vendor": "Ovarro", "versions": [{"lessThanOrEqual": "1.50.598", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "\u200bTBox MS-CPU32-S2", "vendor": "Ovarro", "versions": [{"lessThanOrEqual": "1.50.598", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TBox LT2", "vendor": "Ovarro", "versions": [{"lessThanOrEqual": "1.50.598", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TBox TG2", "vendor": "Ovarro", "versions": [{"lessThanOrEqual": "1.50.598", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TBox RM2", "vendor": "Ovarro", "versions": [{"lessThanOrEqual": "1.50.598", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Floris Hendriks"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jeroen Wijenbergh"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Radboud University"}], "datePublic": "2023-06-29T18:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\u200bThe affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.</span>\n\n"}], "value": "\n\u200bThe affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-331", "description": "CWE-331 Insufficient Entropy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-07-03T20:01:31.978Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:54.193Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72CE5CAF-635F-4B1E-9440-3F745BA4A8BC", "versionEndIncluding": "1.50.598", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*", "matchCriteriaId": "0746C27E-6100-430A-8005-F71C8D24E827", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC6FAD9F-D3BE-4E69-A2EE-D08494FC5866", "versionEndIncluding": "1.50.598", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "1753583A-93AC-4DBE-8E2C-A4816B8D1D11", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_lt2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "659B7A35-F886-44E9-9E1B-550B50F3C0F5", "versionEndIncluding": "1.50.598", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*", "matchCriteriaId": "AACB5343-6982-4BC9-8173-E62160DF4595", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_tg2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "54A1620A-B664-4D8F-A34F-B6E07CC5BE33", "versionEndIncluding": "1.50.598", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*", "matchCriteriaId": "551340E5-D721-40F1-8D14-CBF87A68BFB3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_rm2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD6F3E7D-E5E9-44E1-B066-5D6382C30D2E", "versionEndIncluding": "1.50.598", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*", "matchCriteriaId": "F73C576F-9BAB-4C8E-9B47-9C930B67C910", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n\u200bThe affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.\n\n"}], "id": "CVE-2023-36610", "lastModified": "2023-11-07T04:16:38.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-07-03T21:15:09.967", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-331"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}