CVE-2023-3395
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ovarro | TBox MS-CPU32 | 0 <= 1.50.598 | affected |
| Ovarro | TBox MS-CPU32-S2 | 0 <= 1.50.598 | affected |
| Ovarro | TBox LT2 | 0 <= 1.50.598 | affected |
| Ovarro | TBox TG2 | 0 <= 1.50.598 | affected |
| Ovarro | TBox RM2 | 0 <= 1.50.598 | affected |
Weaknesses
- CWE-256: CWE-256 Plaintext Storage of a Password
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.