Claroty Research on Ovarro TBox RTUs and TWinSoft Engineering Software (products used in water/wastewater systems)

Industrial cybersecurity firm Claroty released its research regarding findings of vulnerabilities affecting Ovarro’s TBox remote terminal units (RTUs) and TWinSoft engineering software. ICS-CERT has published ICS Advisory ICSA-21-054-04. Claroty’s research highlights findings in implementations of Ovarro’s proprietary version of the Modbus protocol which allows for malicious code to be injected through the modification of an update package. Claroty also discovered denial-of-service, memory corruption, and security bypass vulnerabilities in TBox. These vulnerabilities demonstrate the risks of connecting critical infrastructure to the internet, and the need to securely configure authentication for devices, and promptly address software and firmware vulnerabilities. According to Claroty, TBox RTUs are prevalent in critical infrastructure, specifically in the water, power, oil & gas, transportation, and process industries, enabling remote control and monitoring of applications and processes. Members are highly encouraged to read this research and forward to OT engineers and operators as needed. Read more at Claroty.