CVE-2023-36609 - Vulnerability Details - OpenCVE

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Ovarro	Tbox Lt2 Tbox Lt2 Firmware Tbox Ms-cpu32 Tbox Ms-cpu32-s2 Tbox Ms-cpu32-s2 Firmware Tbox Ms-cpu32 Firmware Tbox Rm2 Tbox Rm2 Firmware Tbox Tg2 Tbox Tg2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ovarro:tbox_lt2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ovarro:tbox_tg2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ovarro:tbox_rm2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03

History

Mon, 25 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-07-03T19:59:08.547Z

Updated: 2024-11-25T18:11:48.466Z

Reserved: 2023-06-23T20:39:08.361Z

Link: CVE-2023-36609

Vulnrichment

Updated: 2024-08-02T16:52:53.785Z

NVD

Status : Modified

Published: 2023-07-03T20:15:09.537

Modified: 2024-11-21T08:10:03.853

Link: CVE-2023-36609

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36609", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-06-23T20:39:08.361Z", "datePublished": "2023-07-03T19:59:08.547Z", "dateUpdated": "2024-11-25T18:11:48.466Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TBox MS-CPU32", "vendor": "Ovarro", "versions": [{"lessThanOrEqual": "1.50.598", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "\u200bTBox MS-CPU32-S2", "vendor": "Ovarro", "versions": [{"lessThanOrEqual": "1.50.598", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TBox LT2", "vendor": "Ovarro", "versions": [{"lessThanOrEqual": "1.50.598", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TBox TG2", "vendor": "Ovarro", "versions": [{"lessThanOrEqual": "1.50.598", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TBox RM2", "vendor": "Ovarro", "versions": [{"lessThanOrEqual": "1.50.598", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Floris Hendriks"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jeroen Wijenbergh"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Radboud University"}], "datePublic": "2023-06-29T18:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.</span>\n\n"}], "value": "\nThe affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-829", "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-07-03T19:59:08.547Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:53.785Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"}]}, {"affected": [{"vendor": "ovarro", "product": "tbox_ms-cpu32", "cpes": ["cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.50.598", "versionType": "custom"}]}, {"vendor": "ovarro", "product": "tbox_ms-cpu32-s2", "cpes": ["cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.50.598", "versionType": "custom"}]}, {"vendor": "ovarro", "product": "tbox_tg2", "cpes": ["cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.50.598", "versionType": "custom"}]}, {"vendor": "ovarro", "product": "tbox_lt2", "cpes": ["cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.50.598", "versionType": "custom"}]}, {"vendor": "ovarro", "product": "tbox_rm2", "cpes": ["cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.50.598", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-25T18:08:41.527780Z", "id": "CVE-2023-36609", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-25T18:11:48.466Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:53.785Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36609", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-25T18:08:41.527780Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*"], "vendor": "ovarro", "product": "tbox_ms-cpu32", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.50.598"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*"], "vendor": "ovarro", "product": "tbox_ms-cpu32-s2", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.50.598"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*"], "vendor": "ovarro", "product": "tbox_tg2", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.50.598"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*"], "vendor": "ovarro", "product": "tbox_lt2", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.50.598"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*"], "vendor": "ovarro", "product": "tbox_rm2", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.50.598"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-25T18:11:41.896Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Floris Hendriks"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jeroen Wijenbergh"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Radboud University"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ovarro", "product": "TBox MS-CPU32", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.50.598"}], "defaultStatus": "unaffected"}, {"vendor": "Ovarro", "product": "\u200bTBox MS-CPU32-S2", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.50.598"}], "defaultStatus": "unaffected"}, {"vendor": "Ovarro", "product": "TBox LT2", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.50.598"}], "defaultStatus": "unaffected"}, {"vendor": "Ovarro", "product": "TBox TG2", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.50.598"}], "defaultStatus": "unaffected"}, {"vendor": "Ovarro", "product": "TBox RM2", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.50.598"}], "defaultStatus": "unaffected"}], "datePublic": "2023-06-29T18:00:00.000Z", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nThe affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-829", "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-07-03T19:59:08.547Z"}}}, "cveMetadata": {"cveId": "CVE-2023-36609", "state": "PUBLISHED", "dateUpdated": "2024-11-25T18:11:48.466Z", "dateReserved": "2023-06-23T20:39:08.361Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-07-03T19:59:08.547Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72CE5CAF-635F-4B1E-9440-3F745BA4A8BC", "versionEndIncluding": "1.50.598", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*", "matchCriteriaId": "0746C27E-6100-430A-8005-F71C8D24E827", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC6FAD9F-D3BE-4E69-A2EE-D08494FC5866", "versionEndIncluding": "1.50.598", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "1753583A-93AC-4DBE-8E2C-A4816B8D1D11", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_lt2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "659B7A35-F886-44E9-9E1B-550B50F3C0F5", "versionEndIncluding": "1.50.598", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*", "matchCriteriaId": "AACB5343-6982-4BC9-8173-E62160DF4595", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_tg2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "54A1620A-B664-4D8F-A34F-B6E07CC5BE33", "versionEndIncluding": "1.50.598", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*", "matchCriteriaId": "551340E5-D721-40F1-8D14-CBF87A68BFB3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_rm2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD6F3E7D-E5E9-44E1-B066-5D6382C30D2E", "versionEndIncluding": "1.50.598", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*", "matchCriteriaId": "F73C576F-9BAB-4C8E-9B47-9C930B67C910", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nThe affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.\n\n"}], "id": "CVE-2023-36609", "lastModified": "2024-11-21T08:10:03.853", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-03T20:15:09.537", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-829"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-829"}], "source": "nvd@nist.gov", "type": "Primary"}]}