CVE-2021-22642 - Vulnerability Details - OpenCVE

An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Ovarro	Tbox Lt2-530 Tbox Lt2-530 Firmware Tbox Lt2-532 Tbox Lt2-532 Firmware Tbox Lt2-540 Tbox Lt2-540 Firmware Tbox Ms-cpu32 Tbox Ms-cpu32-s2 Tbox Ms-cpu32-s2 Firmware Tbox Ms-cpu32 Firmware Tbox Rm2 Tbox Rm2 Firmware Tbox Tg2 Tbox Tg2 Firmware Twinsoft

Configuration 1 [-]

cpe:2.3:a:ovarro:twinsoft:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ovarro:tbox_lt2-530_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_lt2-530:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ovarro:tbox_lt2-532_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_lt2-532:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ovarro:tbox_lt2-540_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_lt2-540:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:ovarro:tbox_rm2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:ovarro:tbox_tg2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04

History

Thu, 17 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-07-28T14:17:44.000Z

Updated: 2025-04-17T15:49:28.131Z

Reserved: 2021-01-05T00:00:00.000Z

Link: CVE-2021-22642

Vulnrichment

Updated: 2024-08-03T18:44:14.047Z

NVD

Status : Modified

Published: 2022-07-28T15:15:07.257

Modified: 2025-04-17T16:15:22.093

Link: CVE-2021-22642

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "TBox", "vendor": "Ovarro", "versions": [{"status": "affected", "version": "LT2"}, {"status": "affected", "version": "MS-CPU32"}, {"status": "affected", "version": "MS-CPU32-S2"}, {"status": "affected", "version": "RM2"}, {"status": "affected", "version": "TG2"}]}], "credits": [{"lang": "en", "value": "Uri Katz of Claroty reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "value": "An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "CVE-400", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-28T14:17:44.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04"}], "solutions": [{"lang": "en", "value": "Ovarro recommends affected users update to 12.5 or later of TWinSoft to mitigate these vulnerabilities.\n\nThe latest version can be found on www.ovarro.com in the customer support section (service portal)."}], "source": {"discovery": "EXTERNAL"}, "title": "Ovarro TBox Uncontrolled Resource Consumption", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22642", "STATE": "PUBLIC", "TITLE": "Ovarro TBox Uncontrolled Resource Consumption"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TBox", "version": {"version_data": [{"version_affected": "=", "version_value": "LT2"}, {"version_affected": "=", "version_value": "MS-CPU32"}, {"version_affected": "=", "version_value": "MS-CPU32-S2"}, {"version_affected": "=", "version_value": "RM2"}, {"version_affected": "=", "version_value": "TG2"}]}}]}, "vendor_name": "Ovarro"}]}}, "credit": [{"lang": "eng", "value": "Uri Katz of Claroty reported these vulnerabilities to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CVE-400"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04"}]}, "solution": [{"lang": "en", "value": "Ovarro recommends affected users update to 12.5 or later of TWinSoft to mitigate these vulnerabilities.\n\nThe latest version can be found on www.ovarro.com in the customer support section (service portal)."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:44:14.047Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T14:34:27.455208Z", "id": "CVE-2021-22642", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T15:49:28.131Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-22642", "datePublished": "2022-07-28T14:17:44.000Z", "dateReserved": "2021-01-05T00:00:00.000Z", "dateUpdated": "2025-04-17T15:49:28.131Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:44:14.047Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-22642", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-17T14:34:27.455208Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T14:34:29.303Z"}}], "cna": {"title": "Ovarro TBox Uncontrolled Resource Consumption", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Uri Katz of Claroty reported these vulnerabilities to CISA."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Ovarro", "product": "TBox", "versions": [{"status": "affected", "version": "LT2"}, {"status": "affected", "version": "MS-CPU32"}, {"status": "affected", "version": "MS-CPU32-S2"}, {"status": "affected", "version": "RM2"}, {"status": "affected", "version": "TG2"}]}], "solutions": [{"lang": "en", "value": "Ovarro recommends affected users update to 12.5 or later of TWinSoft to mitigate these vulnerabilities.\n\nThe latest version can be found on www.ovarro.com in the customer support section (service portal)."}], "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04", "tags": ["x_refsource_CONFIRM"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "CVE-400"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-07-28T14:17:44.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Uri Katz of Claroty reported these vulnerabilities to CISA."}], "impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, "source": {"discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "LT2", "version_affected": "="}, {"version_value": "MS-CPU32", "version_affected": "="}, {"version_value": "MS-CPU32-S2", "version_affected": "="}, {"version_value": "RM2", "version_affected": "="}, {"version_value": "TG2", "version_affected": "="}]}, "product_name": "TBox"}]}, "vendor_name": "Ovarro"}]}}, "solution": [{"lang": "en", "value": "Ovarro recommends affected users update to 12.5 or later of TWinSoft to mitigate these vulnerabilities.\n\nThe latest version can be found on www.ovarro.com in the customer support section (service portal)."}], "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CVE-400"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-22642", "STATE": "PUBLIC", "TITLE": "Ovarro TBox Uncontrolled Resource Consumption", "ASSIGNER": "ics-cert@hq.dhs.gov"}}}}, "cveMetadata": {"cveId": "CVE-2021-22642", "state": "PUBLISHED", "dateUpdated": "2025-04-17T15:49:28.131Z", "dateReserved": "2021-01-05T00:00:00.000Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2022-07-28T14:17:44.000Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ovarro:twinsoft:*:*:*:*:*:*:*:*", "matchCriteriaId": "B79BE17A-7179-430C-B8FD-C2F72EB23DBF", "versionEndExcluding": "12.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_lt2-530_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DECA4DF-4FFE-42BC-94CE-490C1D2370B2", "versionEndExcluding": "1.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_lt2-530:-:*:*:*:*:*:*:*", "matchCriteriaId": "86E78A8D-9B20-4162-81EA-E707224DA475", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_lt2-532_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7D10411-651E-44DD-8C98-25CF7E183EAB", "versionEndExcluding": "1.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_lt2-532:-:*:*:*:*:*:*:*", "matchCriteriaId": "B08843AE-E7C3-44AD-9800-6EEEA00C1D60", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_lt2-540_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7045481-F093-404D-B9E1-832D4EBA8712", "versionEndExcluding": "1.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_lt2-540:-:*:*:*:*:*:*:*", "matchCriteriaId": "54D1B1BD-E3FF-4F4E-9248-0472BF3A4524", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "25B291F2-EE60-4C51-BD3B-6233292EC144", "versionEndExcluding": "1.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*", "matchCriteriaId": "0746C27E-6100-430A-8005-F71C8D24E827", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "959C6D18-D3B9-4819-945D-CD46251C63F2", "versionEndExcluding": "1.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "1753583A-93AC-4DBE-8E2C-A4816B8D1D11", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_rm2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "399E43B9-311F-428A-B924-44CF833634AF", "versionEndExcluding": "1.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*", "matchCriteriaId": "F73C576F-9BAB-4C8E-9B47-9C930B67C910", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ovarro:tbox_tg2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9786858-CD7C-4F05-A266-1C5C6AC46256", "versionEndExcluding": "1.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*", "matchCriteriaId": "551340E5-D721-40F1-8D14-CBF87A68BFB3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system."}, {"lang": "es", "value": "Un atacante podr\u00eda usar tramas Modbus no v\u00e1lidas especialmente dise\u00f1adas para bloquear el sistema Ovarro TBox"}], "id": "CVE-2021-22642", "lastModified": "2025-04-17T16:15:22.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-28T15:15:07.257", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}