Multiple vulnerabilities in Ovarro TBox



Published: 2021-03-24
Risk: Medium
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2021-22646, CVE-2021-22648, CVE-2021-22642, CVE-2021-22640, CVE-2021-22644
CWE-ID: CWE-94, CWE-732, CWE-400, CWE-522, CWE-321
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
TBox LT2
Hardware solutions / Firmware

TBox RM2
Hardware solutions / Firmware

TBox TG2
Hardware solutions / Firmware

TBox MS-CPU32
Hardware solutions / Firmware

TBox MS-CPU32-S2
Hardware solutions / Firmware

TWinSoft
Hardware solutions / Firmware

Vendor: Ovarro

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Code Injection

EUVDB-ID: #VU51689

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22646

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the "ipk" package. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

TBox LT2: All versions

TBox RM2: All versions

TBox TG2: All versions

TBox MS-CPU32: before 1.46

TBox MS-CPU32-S2: before 1.46

TWinSoft: before 12.4

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-054-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Incorrect permission assignment for critical resource

EUVDB-ID: #VU51690

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22648

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to incorrect permission assignment for a critical resource within the TBox proprietary Modbus file access functions. A remote authenticated attacker can read, alter or delete the configuration file.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

TBox LT2: All versions

TBox RM2: All versions

TBox TG2: All versions

TBox MS-CPU32: before 1.46

TBox MS-CPU32-S2: before 1.46

TWinSoft: before 12.4

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-054-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU51691

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22642

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can use specially crafted invalid Modbus frames to trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

TBox LT2: All versions

TBox RM2: All versions

TBox TG2: All versions

TBox MS-CPU32: before 1.46

TBox MS-CPU32-S2: before 1.46

TWinSoft: before 12.4

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-054-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Insufficiently protected credentials

EUVDB-ID: #VU51692

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22640

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to insufficiently protected credentials. A remote attacker can decrypt the login password through communication capture and brute-force attacks.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

TBox LT2: All versions

TBox RM2: All versions

TBox TG2: All versions

TBox MS-CPU32: before 1.46

TBox MS-CPU32-S2: before 1.46

TWinSoft: before 12.4

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-054-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use of Hard-coded Cryptographic Key

EUVDB-ID: #VU51693

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22644

CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key

Exploit availability: No

Description

The vulnerability allows a remote attacker to disclose sensitive information on the target system.

The vulnerability exists because TWinSoft uses the custom hardcoded user "TWinSoft" with a hardcoded key. A remote attacker can gain access to sensitive data on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

TBox LT2: All versions

TBox RM2: All versions

TBox TG2: All versions

TBox MS-CPU32: before 1.46

TBox MS-CPU32-S2: before 1.46

TWinSoft: before 12.4

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-054-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


