Cyber Security

ALERTS & NOTIFICATIONS

Ovarro is committed to providing our customers with products, systems and services that take Cyber Security into consideration to better support supply chain security. To help our customers minimise risks, it is important that cyber security incidents and software vulnerabilities are handled in a proper and timely manner. 

 

 Subscribe to email alerts for newly published CVEs

Subscribe

21-11-2024 – TBOX-SA-2024-0001 – Code injection through TBox configuration
Download
21-11-2024 – TBOX-SA-2023-0003 – Run user defined configuration scripts (CVE-2023-36609)
Download
29-06-2023 – TBOX-SA-2023-0005 – Sensitive information stored as plaintext in memory (CVE-2023-3395)
Download
29-06-2023 – TBOX-SA-2023-0004 – Insufficient entropy and improper authorization on authorization token (CVE-2023-36610, CVE-2023-36611)
Download
29-06-2023 – TBOX-SA-2023-0002 – Missing authorization for running some API commands (CVE-2023-36607)
Download
09-06-2023 – TBOX-SA-2023-0001 – Use of a Broken or Risky Cryptographic Algorithm (CVE-2023-36608)
Download
07-11-2022 – TBOX-SA-2022-0001 – Open SSL vulnerabilities (CVE-2022-3602, CVE-2022-3786)
Download
30-08-2022 - SEP-SA-2022-0001 - ISaGRAF Workbench (CVE-2022-1018, CVE-2022-2463, CVE-2022-2464, CVE-2022-2465)
Download
29-08-2022 - KF-SA-2022-0001 - ISaGRAF Workbench (CVE-2022-1018, CVE-2022-2463, CVE-2022-2464, CVE-2022-2465)
Download
09-09-2021 TBOX-SA-2021-0010 - Sequoia Vulnerability
Download
09-09-2021 - TBOX-SA-2021-0009 - Code Execution on Host Machine Through TPG (CVE-2021-22650)
Download
23-03-2021 - TBOX-SA-2021-0008 - Bogus Command Filtering In Shell (CVE-2021-22644)
Download
23-03-2021 - TBOX-SA-2021-0007 - Sensitive Information May Be Intercepted Through Unsecure Protocol (CVE-2021-22640)
Download
23-03-2021 - TBOX-SA-2021-0006 - Remote Code Execution Through Update Mechanism (CVE-2021-22646)
Download
23-03-2021 - TBOX-SA-2021-0005 - Crash When Receiving Crafted Modbus Packet (CVE-2021-22642)
Download
23-03-2021 - TBOX-SA-2021-0004 - Overly Permissive File System Access (CVE-2020-28990, CVE-2021-22648)
Download
08-02-2021 - TBOX-SA-2021-0003 - Buffer Overflow in Web Server (CVE-2020-28989)
Download
08-02-2021 -TBOX-SA-2021-0002 - No Authentication Required To Read Project File (CVE-2020-28988)
Download
09-09-2021 - TBOX-SA-2021-0001 - Weak Encryption Mechanism of Project File (CVE-2020-28987)
Download
PGP key
Download the below PGP key for secure reporting. Please send all emails to cybersecurity@ovarro.com
Download
EoL Products Update
The following product families are obsolete since July 2016 and may be impacted by vulnerabilities. No firmware update will be provided anymore. Read more.
Download
Log4J Overview Related Software
Follow the link to access a list of all known vulnerable and not vulnerable software relating to the Log4J vulnerability. https://ovarro.com/en/global/news/log4j-overview-related-software/3/
Download