Lucene search

[email protected]CVE-2021-22642

HistoryJul 28, 2022 - 3:15 p.m.

CVE-2021-22642

2022-07-2815:15:07

CWE-400

[email protected]

web.nvd.nist.gov

cve-2021-22642

attacker

crafted

modbus frames

crash

ovarro tbox

security vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.7%

JSON

An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.

Affected configurations

NVD

Node

ovarrotwinsoftRange<12.4

Node

ovarrotbox_lt2-530Match-

AND

ovarrotbox_lt2-530_firmwareRange<1.46

Node

ovarrotbox_lt2-532Match-

AND

ovarrotbox_lt2-532_firmwareRange<1.46

Node

ovarrotbox_lt2-540Match-

AND

ovarrotbox_lt2-540_firmwareRange<1.46

Node

ovarrotbox_ms-cpu32Match-

AND

ovarrotbox_ms-cpu32_firmwareRange<1.46

Node

ovarrotbox_ms-cpu32-s2Match-

AND

ovarrotbox_ms-cpu32-s2_firmwareRange<1.46

Node

ovarrotbox_rm2Match-

AND

ovarrotbox_rm2_firmwareRange<1.46

Node

ovarrotbox_tg2Match-

AND

ovarrotbox_tg2_firmwareRange<1.46

CPENameOperatorVersion
ovarro:twinsoftovarro twinsoftlt12.4

CPE	Name	Operator	Version
ovarro:twinsoft	ovarro twinsoft	lt	12.4

CNA Affected

[
  {
    "product": "TBox",
    "vendor": "Ovarro",
    "versions": [
      {
        "status": "affected",
        "version": "LT2"
      },
      {
        "status": "affected",
        "version": "MS-CPU32"
      },
      {
        "status": "affected",
        "version": "MS-CPU32-S2"
      },
      {
        "status": "affected",
        "version": "RM2"
      },
      {
        "status": "affected",
        "version": "TG2"
      }
    ]
  }
]