CVE-2021-22646

IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in the TBox, allowing malicious code execution.

Read more: Claroty Uncovers Vulnerabilities in Ovarro TBox RTUs

Risk Information

  • CVE ID
  • CVE-2021-22646
  • Vendor
  • Ovarro
  • Product
  • TBox
  • CVSS v3
  • 8.8