Vulnerabilities > Ovarro > Tbox LT2 540 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-28 | CVE-2021-22640 | Improper Restriction of Excessive Authentication Attempts vulnerability in Ovarro products An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | 9.8 |
| 2022-07-28 | CVE-2021-22642 | Resource Exhaustion vulnerability in Ovarro products An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system. | 7.5 |
| 2022-07-28 | CVE-2021-22644 | Use of Hard-coded Credentials vulnerability in Ovarro products Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. | 9.8 |
| 2022-07-28 | CVE-2021-22646 | Unspecified vulnerability in Ovarro products The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. | 9.8 |
| 2022-07-28 | CVE-2021-22648 | Incorrect Permission Assignment for Critical Resource vulnerability in Ovarro products Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file. | 9.8 |
| 2022-07-28 | CVE-2021-22650 | Path Traversal vulnerability in Ovarro products An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution. | 9.8 |