Security Advisory

Ovarro / CSE Semaphore TBox and TwinSoft

Risk Information

Limited Threat

| CVE ID | Vulnerability Type | CVSSv3 Score | CVSSv3 Vector |
|---|---|---|---|
| CVE-2020-28988 | Project File May Be Overwritten Without Authentication | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-28989 | HTTP Server Buffer Overflow | 10 | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-28990 | Project File May Be Overwritten Without Authentication | 10 | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-28987 | Project File Contains Reversible Passcode | 6.2 | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

Affecting

  • TBox Lite: all versions
  • TwinSoft: all versions
  • TBox LT2, MS, Nano, TG2, and RM2 (vulnerable to CVE-2020-28987 and CVE-2020-28988): all versions

Mitigation

No mitigation is provided by the vendor. The vendor expects to add security features to TWinSoft and TBox controllers in 2021; however, the vendor has stated that it will not provide updates to the TBox Lite controller line.

12/22/2020