Cyber Security

ALERTS & NOTIFICATIONS

Ovarro is committed to providing our customers with products, systems and services that take Cyber Security into consideration to better support supply chain security. To help our customers minimise risks, it is important that cyber security incidents and software vulnerabilities are handled in a proper and timely manner. 
9-06-2023 – TBOX-SA-2023-0001 – Use of a Broken or Risky Cryptographic Algorithm (CVE-2023-36608)
Download
29-06-2023 – TBOX-SA-2023-0002 – Missing authorization for running some API commands (CVE-2023-36607)
Download
29-06-2023 – TBOX-SA-2023-0003 – Run user defined configuration scripts (CVE-2023-36609)
Download
29-06-2023 – TBOX-SA-2023-0004 – Insufficient entropy and improper authorization on authorization token (CVE-2023-36610, CVE-2023-36611)
Download
29-06-2023 – TBOX-SA-2023-0005 – Sensitive information stored as plaintext in memory (CVE-2023-3395
Download
2022-0001 Security Advisory-KF-SA
Download
2022-0001 Security Advisory ISaGRAF Workbench-SEP-SA
Download
2022-001 TBOX-SA
Download
09-09-2021 - TBOX-SA-2021-0009 - Code Execution on Host Machine Through TPG (CVE-2021-22650)
Download
09-09-21 TBOX-SA-2021-0010 - Sequoia Vulnerability
Download
09-09-2021 - TBOX-SA-0001 - Weak Encryption Mechanism of Project File (CVE-2020-28987)
Download
08-02-2021 -TBOX-SA-2021-0002 - No Authentication Required To Read Project File (CVE-2020-28988)
Download
08-02-2021 - TBOX-SA-2021-0003 - Buffer Overflow in Web Server (CVE-2020-28989)
Download
23-03-2021 - TBOX-SA-2021-0004 - Overly Permissive File System Access (CVE-2020-28990, CVE-2021-22648)
Download
23-03-2021 - TBOX-SA-2021-0005 - Crash When Receiving Crafted Modbus Packet (CVE-2021-22642)
Download
23-03-2021 - TBOX-SA-2021-0006 - Remote Code Execution Through Update Mechanism (CVE-2021-22646)
Download
23-03-2021 - TBOX-SA-2021-0007 - Sensitive Information May Be Intercepted Through Unsecure Protocol (CVE-2021-22640)
Download
23-03-2021 - TBOX-SA-2021-0008 - Bogus Command Filtering In Shell (CVE-2021-22644)
Download
Log4J Overview Related Software
Follow the link to access a list of all known vulnerable and not vulnerable software relating to the Log4J vulnerability. https://www.ovarro.com/en/europe/news/log4j-overview-related-software/
Download
EoL Products Update
The following product families are obsolete since July 2016 and may be impacted by vulnerabilities. No firmware update will be provided anymore. Read more.
Download
PGP Key
Download the below PGP key for secure reporting. Please send all emails to [email protected]
Download
Email alerts for newly published CVEs
To subscribe to email alerts, please complete this form: click here
Download
Cyber security icon