​The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.
History

Fri, 25 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-07-03T20:01:31.978Z

Updated: 2024-10-25T13:08:23.603Z

Reserved: 2023-06-23T20:39:08.361Z

Link: CVE-2023-36610

cve-icon Vulnrichment

Updated: 2024-08-02T16:52:54.193Z

cve-icon NVD

Status : Modified

Published: 2023-07-03T21:15:09.967

Modified: 2024-11-21T08:10:04.070

Link: CVE-2023-36610

cve-icon Redhat

No data.