The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.
Metrics
Affected Vendors & Products
References
History
Mon, 25 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2023-07-03T19:59:08.547Z
Updated: 2024-11-25T18:11:48.466Z
Reserved: 2023-06-23T20:39:08.361Z
Link: CVE-2023-36609
Vulnrichment
Updated: 2024-08-02T16:52:53.785Z
NVD
Status : Modified
Published: 2023-07-03T20:15:09.537
Modified: 2024-11-21T08:10:03.853
Link: CVE-2023-36609
Redhat
No data.