CVE-2021-22640

An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks...

CVE-2021-22642

An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system...

CVE-2021-22646

The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution...

EUVD-2021-9782

Malicious code in bioql PyPI...

EUVD-2021-9778

Malicious code in bioql PyPI...

EUVD-2021-9780

Malicious code in bioql PyPI...

EUVD-2021-9784

Malicious code in bioql PyPI...

EUVD-2021-9776

Malicious code in bioql PyPI...

CVE-2021-22644

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...

CVE-2021-22648

Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file...

Ovarro TBox RTUs 安全漏洞

Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. A security vulnerability exists in Ovarro TBox RTUs that stems from encrypted passwords being stored in plaintext in memory. An attacker could exploit the vulnerability to obtain sensitive information...

Ovarro TBox RTUs 安全特征问题漏洞

Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. The Ovarro TBox RTUs suffers from a security signature issue vulnerability that arises from the use of insufficient entropy to generate software security tokens, where the random seed used to generate the...

Ovarro TBox RTUs 授权问题漏洞

Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. An authorization issue vulnerability exists in Ovarro TBox RTUs that stems from allowing a low-privileged user to access higher-privileged software security tokens, potentially allowing an attacker to...

Ovarro TBox RTUs 加密问题漏洞

Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. Ovarro TBox RTUs is vulnerable to an encryption issue that arises from the use of an insecure encryption algorithm to encrypt stored hash passwords...

Ovarro TBox RTUs 安全漏洞

Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. The Ovarro TBox RTUs suffers from a security vulnerability that originates from running OpenVPN with root privileges and the ability to run user-defined configuration scripts, which allows an attacker to...

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS advisories on June 29, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-180-01 Delta Electronics InfraSuite Device Master ICSA-23-180-02 Schneider Electric...

Ovarro TBox RTUs

1. EXECUTIVE SUMMARY ​CVSS v3 7.2 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Ovarro ​Equipment: TBox RTUs ​Vulnerabilities: Missing Authorization, Use of Broken or Risky Cryptographic Algorithm, Inclusion of Functionality from Untrusted Control Sphere, Insufficient Entropy,...

Ovarro TBox RTU 安全漏洞

Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. A security vulnerability exists in the Ovarro TBox RTUs that stems from a lack of authorization to run certain API commands, which could be exploited by an attacker to disclose sensitive information, such...

CVE-2021-22646

The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution...

CVE-2021-22642

An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system...