Vulnerabilities > Ovarro

DATE CVE VULNERABILITY TITLE RISK
2023-07-03 CVE-2023-36610 Unspecified vulnerability in Ovarro products
?The affected TBox RTUs generate software security tokens using insufficient entropy.
network
high complexity
ovarro
5.9
2023-07-03 CVE-2023-36611 Unspecified vulnerability in Ovarro products
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege.
network
low complexity
ovarro
6.5
2023-07-03 CVE-2023-3395 Cleartext Storage of Sensitive Information vulnerability in Ovarro products
?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory.
network
low complexity
ovarro CWE-312
6.5
2023-07-03 CVE-2023-36608 Unspecified vulnerability in Ovarro products
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.
network
low complexity
ovarro
6.5
2023-07-03 CVE-2023-36609 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ovarro products
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts.
network
low complexity
ovarro CWE-829
7.2
2023-06-29 CVE-2023-36607 Unspecified vulnerability in Ovarro products
The affected TBox RTUs are missing authorization for running some API commands.
network
low complexity
ovarro
5.3
2022-07-28 CVE-2021-22640 Improper Restriction of Excessive Authentication Attempts vulnerability in Ovarro products
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.
network
low complexity
ovarro CWE-307
critical
9.8
2022-07-28 CVE-2021-22642 Resource Exhaustion vulnerability in Ovarro products
An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.
network
low complexity
ovarro CWE-400
7.5
2022-07-28 CVE-2021-22644 Use of Hard-coded Credentials vulnerability in Ovarro products
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.
network
low complexity
ovarro CWE-798
critical
9.8
2022-07-28 CVE-2021-22646 Unspecified vulnerability in Ovarro products
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
network
low complexity
ovarro
critical
9.8