ICSA-21-054-04 · Published 2021-09-23 · View on CISA ICS-CERT ↗

Ovarro TBox (Update A)

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could result in remote code execution, which may cause a denial-of-service condition.

CVE-2021-22646 CVE-2021-22648 CVE-2021-22642 CVE-2021-22640 CVE-2021-22644 CVE-2021-22650

Ovarro recommends affected users update to 12.5 or later of TWinSoft to mitigate these vulnerabilities.
The latest version can be found on www.ovarro.com in the customer support section (service portal).

Ovarro

Ovarro · TBox MS-CPU32-S2 < 12.4 (firmware 1.46)

Ovarro · TBox MS-CPU32 < 12.4 (firmware 1.46)

Ovarro · TBox TG2 (All models) < 12.4 (firmware 1.46)

Ovarro · TBox RM2 (All models) < 12.4 (firmware 1.46)

Ovarro · TBoxLT2 (All models) < 12.4 (firmware 1.46)

Critical Manufacturing

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.