GCVE - cpe:2.3:h:ovarro:tbox_lt2-532:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:ovarro:tbox_lt2-532:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Ovarro (`a773400a-8cce-5204-889e-e91aa2953911`)
Product	Tbox Lt2 532 (`59a26c28-fb8d-52e1-8876-de58e38a5690`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-22650`	not_vulnerable	2026-06-03 14:43:53.315085	Ovarro TBox Relative Path Traversal HIGH (7.5) An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution. Published: 2022-07-28T14:18:25.000Z Updated: 2025-04-17T15:49:09.268Z Open on db.gcve.eu Reference links https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22648`	not_vulnerable	2026-06-03 14:43:53.313626	Ovarro TBox Incorrect Permission Assignment for Critical Resource HIGH (8.8) Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file. Published: 2022-07-28T14:18:45.000Z Updated: 2025-04-17T15:48:58.949Z Open on db.gcve.eu Reference links https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22646`	not_vulnerable	2026-06-03 14:43:53.312002	Ovarro TBox Code Injection HIGH (8.8) The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. Published: 2022-07-28T14:19:30.000Z Updated: 2025-04-17T15:48:32.572Z Open on db.gcve.eu Reference links https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22644`	not_vulnerable	2026-06-03 14:43:53.310537	Ovarro TBox Use of Hard-coded Cryptographic Key HIGH (7.5) Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. Published: 2022-07-28T14:19:10.000Z Updated: 2025-04-17T15:48:47.601Z Open on db.gcve.eu Reference links https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22642`	not_vulnerable	2026-06-03 14:43:53.291652	Ovarro TBox Uncontrolled Resource Consumption HIGH (7.5) An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system. Published: 2022-07-28T14:17:44.000Z Updated: 2025-04-17T15:49:28.131Z Open on db.gcve.eu Reference links https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22640`	not_vulnerable	2026-06-03 14:43:53.282144	Ovarro TBox Insufficiently Protected Credentials HIGH (7.5) An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. Published: 2022-07-28T14:18:04.000Z Updated: 2025-04-17T15:49:20.437Z Open on db.gcve.eu Reference links https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.