How severe is CVE-2023-36609?

CVE-2023-36609 has a CVSS v3 score of 7.2 (HIGH).

CVE-2023-36609

7.2HIGH

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host

Published: 7/3/2023Updated: 11/21/2024

Description

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.

AI AnalysisPowered by AI

Affected Products

ovarrotbox_ms-cpu32_firmware

ovarrotbox_ms-cpu32

ovarrotbox_ms-cpu32-s2_firmware

ovarrotbox_ms-cpu32-s2

ovarrotbox_lt2_firmware

ovarrotbox_lt2

ovarrotbox_tg2_firmware

ovarrotbox_tg2

ovarrotbox_rm2_firmware

ovarrotbox_rm2

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03
MitigationThird Party AdvisoryUS Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03
MitigationThird Party AdvisoryUS Government Resource