Vulnerabilidades em Ovarro
12 resultadosCVE-2021-22646HIGHOvarro TBox Code InjectionEPSS 1.1%CVE-2021-22650HIGHOvarro TBox Relative Path TraversalEPSS 1.0%CVE-2021-22648HIGHOvarro TBox Incorrect Permission Assignment for Critical ResourceEPSS 0.7%CVE-2021-22642HIGHOvarro TBox Uncontrolled Resource ConsumptionEPSS 0.7%CVE-2021-22640HIGHOvarro TBox Insufficiently Protected CredentialsEPSS 0.7%CVE-2021-22644HIGHOvarro TBox Use of Hard-coded Cryptographic KeyEPSS 0.7%CVE-2023-36609HIGH
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpEPSS 0.6%CVE-2023-36610MEDIUM
The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens EPSS 0.4%CVE-2023-36611MEDIUM
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with EPSS 0.4%CVE-2023-36607—CVE-2023-36607EPSS 0.4%CVE-2023-3395MEDIUM
All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files EPSS 0.3%CVE-2023-36608MEDIUM
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.EPSS 0.2%