Remote code execution

2022-07-2815:15:00

PRIOn knowledge base

www.prio-n.com

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.1%

JSON

The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.

CPENameOperatorVersion
tbox_lt2-530_firmwarelt1.46
tbox_lt2-532_firmwarelt1.46
tbox_lt2-540_firmwarelt1.46
tbox_ms-cpu32-s2_firmwarelt1.46
tbox_ms-cpu32_firmwarelt1.46
tbox_rm2_firmwarelt1.46
tbox_tg2_firmwarelt1.46
twinsoftlt12.4

Name	Operator	Version
tbox_lt2-530_firmware	lt	1.46
tbox_lt2-532_firmware	lt	1.46
tbox_lt2-540_firmware	lt	1.46
tbox_ms-cpu32-s2_firmware	lt	1.46
tbox_ms-cpu32_firmware	lt	1.46
tbox_rm2_firmware	lt	1.46
tbox_tg2_firmware	lt	1.46
twinsoft	lt	12.4

References

www.cisa.gov/uscert/ics/advisories/icsa-21-054-04