CVE-2023-36610

MEDIUM

TBox RTUs - Info Disclosure

Title source: llm

Description

The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.

References (1)

[Mitigation, Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03

Scores

CVSS v3 5.9

EPSS 0.0014

EPSS Percentile 34.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-331

Status published

Products (5)

ovarro/tbox_lt2_firmware < 1.50.598

ovarro/tbox_ms-cpu32-s2_firmware < 1.50.598

ovarro/tbox_ms-cpu32_firmware < 1.50.598

ovarro/tbox_rm2_firmware < 1.50.598

ovarro/tbox_tg2_firmware < 1.50.598

Published Jul 03, 2023

Tracked Since Feb 18, 2026