Vulnerability Description
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ovarro | Twinsoft | < 12.4 |
| Ovarro | Tbox Lt2-530 Firmware | < 1.46 |
| Ovarro | Tbox Lt2-530 | - |
| Ovarro | Tbox Lt2-532 Firmware | < 1.46 |
| Ovarro | Tbox Lt2-532 | - |
| Ovarro | Tbox Lt2-540 Firmware | < 1.46 |
| Ovarro | Tbox Lt2-540 | - |
| Ovarro | Tbox Ms-Cpu32 Firmware | < 1.46 |
| Ovarro | Tbox Ms-Cpu32 | - |
| Ovarro | Tbox Ms-Cpu32-S2 Firmware | < 1.46 |
| Ovarro | Tbox Ms-Cpu32-S2 | - |
| Ovarro | Tbox Rm2 Firmware | < 1.46 |
| Ovarro | Tbox Rm2 | - |
| Ovarro | Tbox Tg2 Firmware | < 1.46 |
| Ovarro | Tbox Tg2 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04Third Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-22646?
CVE-2021-22646 is a vulnerability with a CVSS score of 8.8 (HIGH). The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
How severe is CVE-2021-22646?
CVE-2021-22646 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22646?
Check the references section above for vendor advisories and patch information. Affected products include: Ovarro Twinsoft, Ovarro Tbox Lt2-530 Firmware, Ovarro Tbox Lt2-530, Ovarro Tbox Lt2-532 Firmware, Ovarro Tbox Lt2-532.