Unauthorized API Commands in TBox RTUs Expose Sensitive Information

Unauthorized API Commands in TBox RTUs Expose Sensitive Information

CVE-2023-36607 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.

Learn more about our Web App Pen Testing.