9.8
CVE-2021-22640
- EPSS 0.66%
- Veröffentlicht 28.07.2022 15:15:07
- Zuletzt bearbeitet 17.04.2025 16:15:21
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginOvarro TBox Insufficiently Protected Credentials
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ovarro ≫ Tbox Lt2-530 Firmware Version < 1.46
Ovarro ≫ Tbox Lt2-532 Firmware Version < 1.46
Ovarro ≫ Tbox Lt2-540 Firmware Version < 1.46
Ovarro ≫ Tbox Ms-cpu32 Firmware Version < 1.46
Ovarro ≫ Tbox Ms-cpu32-s2 Firmware Version < 1.46
Ovarro ≫ Tbox Rm2 Firmware Version < 1.46
Ovarro ≫ Tbox Tg2 Firmware Version < 1.46
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.66% | 0.465 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| ics-cert@hq.dhs.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-294 Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04