CVE-2023-3395

Опубликовано: 03 июл. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03
Mitigation
Third Party Advisory
US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:ovarro:tbox_lt2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:ovarro:tbox_tg2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:ovarro:tbox_rm2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00038

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-256

CWE-312

Связанные уязвимости

GHSA-mj3g-5jvr-4w7h

CVSS3: 6.5

github

больше 2 лет назад

?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.

EPSS

Процентиль: 11%

0.00038

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-256

CWE-312