Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ovarro Subscribe
Filtered by product Tbox Lt2-532
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22650 1 Ovarro 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more 2022-08-04 N/A 9.8 CRITICAL
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.
CVE-2021-22646 1 Ovarro 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more 2022-08-04 N/A 9.8 CRITICAL
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
CVE-2021-22644 1 Ovarro 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more 2022-08-04 N/A 9.8 CRITICAL
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.
CVE-2021-22642 1 Ovarro 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more 2022-08-04 N/A 7.5 HIGH
An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.
CVE-2021-22648 1 Ovarro 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more 2022-08-04 N/A 9.8 CRITICAL
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.
CVE-2021-22640 1 Ovarro 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more 2022-08-04 N/A 9.8 CRITICAL
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.