CVE-2023-3395
CVE-2023-3395 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with the document, such as the password. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with the document, such as the password. The attacker could then obtain the plaintext password by using a memory viewer.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ovarro | Tbox Ms-Cpu32 Firmware | All versions |
| Ovarro | Tbox Ms-Cpu32-S2 Firmware | All versions |
| Ovarro | Tbox Lt2 Firmware | All versions |
| Ovarro | Tbox Tg2 Firmware | All versions |
| Ovarro | Tbox Rm2 Firmware | All versions |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 (Mitigation, Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
