TBox
Products
2- 4 CVEs
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36611 | 0.00 | — | 0.00 | Jul 3, 2023 | The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens. | |||
| CVE-2023-36610 | 0.00 | — | 0.00 | Jul 3, 2023 | The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this… | |||
| CVE-2023-36609 | 0.00 | — | 0.01 | Jul 3, 2023 | The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges. | |||
| CVE-2020-10624 | 0.00 | — | 0.01 | Jun 26, 2020 | ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. | |||
| CVE-2020-10628 | 0.00 | — | 0.01 | Jun 26, 2020 | ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. |
- CVE-2023-36611Jul 3, 2023risk 0.00cvss —epss 0.00
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.
- CVE-2023-36610Jul 3, 2023risk 0.00cvss —epss 0.00
The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this…
- CVE-2023-36609Jul 3, 2023risk 0.00cvss —epss 0.01
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.
- CVE-2020-10624Jun 26, 2020risk 0.00cvss —epss 0.01
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.
- CVE-2020-10628Jun 26, 2020risk 0.00cvss —epss 0.01
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network.