Filtered by vendor Ovarro
Subscriptions
Filtered by product Tbox Lt2-532
Subscriptions
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-22648 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2024-08-03 | 8.8 High |
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file. | ||||
CVE-2021-22650 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2024-08-03 | 7.5 High |
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution. | ||||
CVE-2021-22640 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2024-08-03 | 7.5 High |
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | ||||
CVE-2021-22644 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2024-08-03 | 7.5 High |
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. | ||||
CVE-2021-22646 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2024-08-03 | 8.8 High |
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. | ||||
CVE-2021-22642 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2024-08-03 | 7.5 High |
An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system. |
Page 1 of 1.