CVE-2021-22642

Summary

CVE	CVE-2021-22642
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-07-28 15:15:00 UTC
Updated	2022-08-04 13:31:00 UTC
Description	An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.

Risk And Classification

Problem Types: CWE-400

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Ovarro	Tbox Lt2-530	-	All	All	All
Operating System	Ovarro	Tbox Lt2-530 Firmware	All	All	All	All
Hardware	Ovarro	Tbox Lt2-532	-	All	All	All
Operating System	Ovarro	Tbox Lt2-532 Firmware	All	All	All	All
Hardware	Ovarro	Tbox Lt2-540	-	All	All	All
Operating System	Ovarro	Tbox Lt2-540 Firmware	All	All	All	All
Hardware	Ovarro	Tbox Ms-cpu32	-	All	All	All
Hardware	Ovarro	Tbox Ms-cpu32-s2	-	All	All	All
Operating System	Ovarro	Tbox Ms-cpu32-s2 Firmware	All	All	All	All
Operating System	Ovarro	Tbox Ms-cpu32 Firmware	All	All	All	All
Hardware	Ovarro	Tbox Rm2	-	All	All	All
Operating System	Ovarro	Tbox Rm2 Firmware	All	All	All	All
Hardware	Ovarro	Tbox Tg2	-	All	All	All
Operating System	Ovarro	Tbox Tg2 Firmware	All	All	All	All
Application	Ovarro	Twinsoft	All	All	All	All

References

Reference	Source	Link	Tags
Ovarro TBox (Update A) \| CISA	CONFIRM	www.cisa.gov
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Uri Katz of Claroty reported these vulnerabilities to CISA.

Legacy QID Mappings

591363 Ovarro TBox MS-CPU32, TBox MS-CPU32-S2, TBox LT2, TBox TG2, TBox RM2 product families Vulnerability (TBOX-SA-2021-0005)