CVE-2023-36607

Summary

The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.

Affected Software

VendorProductVersion RangeStatus
OvarroTBox RM20 <= 1.50.598affected
OvarroTBox TG20 <= 1.50.598affected
OvarroTBox LT20 <= 1.50.598affected
OvarroTBox MS-CPU32-S20 <= 1.50.598affected
OvarroTBox MS-CPU320 <= 1.50.598affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References