Lucene search

[email protected]CVE-2021-22648

HistoryJul 28, 2022 - 3:15 p.m.

CVE-2021-22648

2022-07-2815:15:07

CWE-732

[email protected]

web.nvd.nist.gov

cve-2021-22648

ovarro tbox

modbus

file access

vulnerability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.

Affected configurations

NVD

Node

ovarrotwinsoftRange<12.4

Node

ovarrotbox_lt2-530_firmwareRange<1.46

AND

ovarrotbox_lt2-530Match-

Node

ovarrotbox_lt2-532_firmwareRange<1.46

AND

ovarrotbox_lt2-532Match-

Node

ovarrotbox_lt2-540_firmwareRange<1.46

AND

ovarrotbox_lt2-540Match-

Node

ovarrotbox_ms-cpu32_firmwareRange<1.46

AND

ovarrotbox_ms-cpu32Match-

Node

ovarrotbox_ms-cpu32-s2_firmwareRange<1.46

AND

ovarrotbox_ms-cpu32-s2Match-

Node

ovarrotbox_rm2_firmwareRange<1.46

AND

ovarrotbox_rm2Match-

Node

ovarrotbox_tg2_firmwareRange<1.46

AND

ovarrotbox_tg2Match-

CPENameOperatorVersion
ovarro:twinsoftovarro twinsoftlt12.4

CPE	Name	Operator	Version
ovarro:twinsoft	ovarro twinsoft	lt	12.4

CNA Affected

[
  {
    "product": "TBox",
    "vendor": "Ovarro",
    "versions": [
      {
        "status": "affected",
        "version": "LT2"
      },
      {
        "status": "affected",
        "version": "MS-CPU32"
      },
      {
        "status": "affected",
        "version": "MS-CPU32-S2"
      },
      {
        "status": "affected",
        "version": "RM2"
      },
      {
        "status": "affected",
        "version": "TG2"
      }
    ]
  }
]