The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.CreditsUri Katz of Claroty reported these vulnerabilities to CISA.Referenceshttps://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04
