Filtered by vendor Ovarro
Subscriptions
Filtered by product Tbox Lt2-530 Firmware
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22640 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2023-08-08 | 9.8 Critical |
| An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | ||||
| CVE-2021-22650 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2022-08-04 | 9.8 Critical |
| An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution. | ||||
| CVE-2021-22646 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2022-08-04 | 9.8 Critical |
| The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. | ||||
| CVE-2021-22644 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2022-08-04 | 9.8 Critical |
| Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. | ||||
| CVE-2021-22642 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2022-08-04 | 7.5 High |
| An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system. | ||||
| CVE-2021-22648 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2022-08-04 | 9.8 Critical |
| Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file. | ||||
Page 1 of 1.