CVE-2021-22650

Summary

CVE	CVE-2021-22650
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-07-28 15:15:00 UTC
Updated	2022-08-04 14:06:00 UTC
Description	An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.

Risk And Classification

Problem Types: CWE-22

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Ovarro	Tbox Lt2-530	-	All	All	All
Operating System	Ovarro	Tbox Lt2-530 Firmware	All	All	All	All
Hardware	Ovarro	Tbox Lt2-532	-	All	All	All
Operating System	Ovarro	Tbox Lt2-532 Firmware	All	All	All	All
Hardware	Ovarro	Tbox Lt2-540	-	All	All	All
Operating System	Ovarro	Tbox Lt2-540 Firmware	All	All	All	All
Hardware	Ovarro	Tbox Ms-cpu32	-	All	All	All
Hardware	Ovarro	Tbox Ms-cpu32-s2	-	All	All	All
Operating System	Ovarro	Tbox Ms-cpu32-s2 Firmware	All	All	All	All
Operating System	Ovarro	Tbox Ms-cpu32 Firmware	All	All	All	All
Hardware	Ovarro	Tbox Rm2	-	All	All	All
Operating System	Ovarro	Tbox Rm2 Firmware	All	All	All	All
Hardware	Ovarro	Tbox Tg2	-	All	All	All
Operating System	Ovarro	Tbox Tg2 Firmware	All	All	All	All
Application	Ovarro	Twinsoft	All	All	All	All

References

Reference	Source	Link	Tags
Ovarro TBox (Update A) \| CISA	CONFIRM	www.cisa.gov
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Uri Katz of Claroty reported these vulnerabilities to CISA.

There are currently no legacy QID mappings associated with this CVE.