The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.
Metrics
Affected Vendors & Products
References
History
Fri, 25 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2023-07-03T20:01:31.978Z
Updated: 2024-10-25T13:08:23.603Z
Reserved: 2023-06-23T20:39:08.361Z
Link: CVE-2023-36610
Vulnrichment
Updated: 2024-08-02T16:52:54.193Z
NVD
Status : Modified
Published: 2023-07-03T21:15:09.967
Modified: 2024-11-21T08:10:04.070
Link: CVE-2023-36610
Redhat
No data.