Radboud University

**Name of the Vulnerable Software and Affected Versions** TWinSoft Configuration Tool (affected versions not specified) **Description** The issue concerns the storage of encrypted passwords as plaintext in memory by the TWinSoft Configuration Tool. An attacker with access to system files could load a document into memory, gaining access to sensitive information, including passwords. The attacker could then use a memory viewer to obtain the plaintext password. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TBox RTUs (affected versions not specified) **Description** The issue concerns the use of MD5 encryption for storing hashed passwords in TBox RTUs, which is considered an insecure encryption algorithm. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TBox RTUs (affected versions not specified) **Description** The issue concerns TBox RTUs that run OpenVPN with root privileges and are capable of executing user-defined configuration scripts. An attacker can set up a local OpenVPN server and push a malicious script to the TBox host, potentially acquiring root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TBox RTUs (affected versions not specified) **Description** The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TBox RTUs (affected versions not specified) **Description** The issue allows low privilege users to access software security tokens of higher privilege. This could enable an attacker with `user` privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TBox RTUs (affected versions not specified) **Description** The issue concerns missing authorization for running certain API commands, which could allow an attacker to reveal sensitive information, including software versions and web server file contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.