CVE-2023-36607 – CVE-2023-36607
https://notcve.org/view.php?id=CVE-2023-36607
The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 • CWE-862: Missing Authorization
CVE-2021-22646 – Ovarro TBox Code Injection
https://notcve.org/view.php?id=CVE-2021-22646
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04
CVE-2021-22644 – Ovarro TBox Use of Hard-coded Cryptographic Key
https://notcve.org/view.php?id=CVE-2021-22644
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04 • CWE-798: Use of Hard-coded Credentials
CVE-2021-22648 – Ovarro TBox Incorrect Permission Assignment for Critical Resource
https://notcve.org/view.php?id=CVE-2021-22648
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04 • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2021-22650 – Ovarro TBox Relative Path Traversal
https://notcve.org/view.php?id=CVE-2021-22650
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on the machine executing Ovarro TWinSoft, which could lead to code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')