Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

TBox MS-CPU32 Security Vulnerabilities

cve
cve

CVE-2023-3395

​All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain.....

6.5CVSS

6.4AI Score

0.0005EPSS

2023-07-03 09:15 PM
6
cve
cve

CVE-2023-36611

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other...

6.5CVSS

6.5AI Score

0.0005EPSS

2023-07-03 09:15 PM
7
cve
cve

CVE-2023-36610

​The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could...

5.9CVSS

6.1AI Score

0.001EPSS

2023-07-03 09:15 PM
8
cve
cve

CVE-2023-36609

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root...

7.2CVSS

6.7AI Score

0.001EPSS

2023-07-03 08:15 PM
13
cve
cve

CVE-2023-36608

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption...

6.5CVSS

6.6AI Score

0.0005EPSS

2023-07-03 08:15 PM
8
cve
cve

CVE-2023-36607

The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file...

5.3CVSS

6AI Score

0.0005EPSS

2023-06-29 09:15 PM
20
cve
cve

CVE-2021-22640

An attacker can decrypt the Ovarro TBox login password by communication capture and brute force...

9.8CVSS

9.5AI Score

0.002EPSS

2022-07-28 03:15 PM
31
10
cve
cve

CVE-2021-22642

An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox...

7.5CVSS

7.9AI Score

0.001EPSS

2022-07-28 03:15 PM
34
4
cve
cve

CVE-2021-22644

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded...

9.8CVSS

9.4AI Score

0.002EPSS

2022-07-28 03:15 PM
33
10
cve
cve

CVE-2021-22646

The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code...

9.8CVSS

9.7AI Score

0.002EPSS

2022-07-28 03:15 PM
36
6
cve
cve

CVE-2021-22648

Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration...

9.8CVSS

9.4AI Score

0.002EPSS

2022-07-28 03:15 PM
41
2
cve
cve

CVE-2021-22650

An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code...

9.8CVSS

9.5AI Score

0.005EPSS

2022-07-28 03:15 PM
38
4