CVE-2023-3395

?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03	Mitigation Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03	Mitigation Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:ovarro:tbox_lt2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:ovarro:tbox_tg2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:ovarro:tbox_rm2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:17

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 - Mitigation, Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 - Mitigation, Third Party Advisory, US Government Resource

07 Jul 2023, 21:41

Type	Values Removed	Values Added
CWE	~~CWE-256~~	CWE-312
First Time		Ovarro tbox Lt2 Ovarro tbox Lt2 Firmware Ovarro tbox Rm2 Firmware Ovarro tbox Tg2 Ovarro tbox Tg2 Firmware Ovarro tbox Ms-cpu32-s2 Firmware Ovarro tbox Rm2 Ovarro tbox Ms-cpu32 Ovarro tbox Ms-cpu32 Firmware Ovarro Ovarro tbox Ms-cpu32-s2
References	~~(MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 -~~	(MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 - Mitigation, Third Party Advisory, US Government Resource
CPE		cpe:2.3:h:ovarro:tbox_lt2:-:::::::* cpe:2.3:o:ovarro:tbox_lt2_firmware:-:::::::* cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:-:::::::* cpe:2.3:h:ovarro:tbox_ms-cpu32:-:::::::* cpe:2.3:o:ovarro:tbox_tg2_firmware:-:::::::* cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:-:::::::* cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:::::::* cpe:2.3:h:ovarro:tbox_rm2:-:::::::* cpe:2.3:o:ovarro:tbox_rm2_firmware:-:::::::* cpe:2.3:h:ovarro:tbox_tg2:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

03 Jul 2023, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-03 21:15

Updated : 2024-11-21 08:17

NVD link : CVE-2023-3395

Mitre link : CVE-2023-3395

CVE.ORG link : CVE-2023-3395

JSON object : View

Products Affected

ovarro

tbox_lt2
tbox_tg2_firmware
tbox_ms-cpu32_firmware
tbox_tg2
tbox_ms-cpu32
tbox_rm2
tbox_lt2_firmware
tbox_ms-cpu32-s2_firmware
tbox_ms-cpu32-s2
tbox_rm2_firmware

CWE

CWE-256

Plaintext Storage of a Password

CWE-312

Cleartext Storage of Sensitive Information

6.5 /10