Vulnerabilities > Ovarro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-03 | CVE-2023-36610 | Insufficient Entropy vulnerability in Ovarro products ?The affected TBox RTUs generate software security tokens using insufficient entropy. | 5.9 |
| 2023-07-03 | CVE-2023-36611 | Improper Authorization vulnerability in Ovarro products The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. | 6.5 |
| 2023-07-03 | CVE-2023-3395 | Cleartext Storage of Sensitive Information vulnerability in Ovarro products ?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. | 6.5 |
| 2023-07-03 | CVE-2023-36608 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Ovarro products The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm. | 6.5 |
| 2023-07-03 | CVE-2023-36609 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ovarro products The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. | 7.2 |
| 2023-06-29 | CVE-2023-36607 | Missing Authorization vulnerability in Ovarro products The affected TBox RTUs are missing authorization for running some API commands. | 5.3 |
| 2022-07-28 | CVE-2021-22640 | Improper Restriction of Excessive Authentication Attempts vulnerability in Ovarro products An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | 9.8 |