Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown

CVE-2021-22650

Disclosure Date: July 28, 2022 (last updated February 24, 2025)
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-22648

Disclosure Date: July 28, 2022 (last updated February 24, 2025)
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-22646

Disclosure Date: July 28, 2022 (last updated October 08, 2023)
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-22644

Disclosure Date: July 28, 2022 (last updated February 24, 2025)
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-22642

Disclosure Date: July 28, 2022 (last updated February 24, 2025)
An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-22640

Disclosure Date: July 28, 2022 (last updated February 24, 2025)
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0