Vulnerabilities
Vulnerable Software
Ovarro:  >> Twinsoft  Security Vulnerabilities
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-28
An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-28
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-28
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-07-28
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-07-28
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-28


Contact Us

Shodan ® - All rights reserved