GSD-2022-47557

Vulnerability from gsd - Updated: 2023-12-13 01:19
Details
** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions.
Aliases
Aliases
CVE-2022-47557
To clipboard 

{
  "GSD": {
    "alias": "CVE-2022-47557",
    "id": "GSD-2022-47557"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-47557"
      ],
      "details": "** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions.",
      "id": "GSD-2022-47557",
      "modified": "2023-12-13T01:19:36.079739Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve-coordination@incibe.es",
        "ID": "CVE-2022-47557",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ekorCCP",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "601j"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ekorRCI",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "601j"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Ormazabal"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Jacinto Moral Matell\u00e1n"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-916",
                "lang": "eng",
                "value": "CWE-916 Use of Password Hash With Insufficient Computational Effort"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
            "refsource": "MISC",
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Ormazabal recommends upgrading to updated models."
            }
          ],
          "value": "Ormazabal recommends upgrading to updated models."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*",
                    "matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions."
          },
          {
            "lang": "es",
            "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Vulnerabilidad en ekorCCP y ekorRCI que podr\u00eda permitir a un atacante con acceso a la red donde se encuentra el dispositivo descifrar las credenciales de usuarios privilegiados, y posteriormente acceder al sistema para realizar acciones maliciosas."
          }
        ],
        "id": "CVE-2022-47557",
        "lastModified": "2024-04-11T01:17:16.703",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 4.2,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 4.2,
              "source": "cve-coordination@incibe.es",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-09-19T13:16:20.843",
        "references": [
          {
            "source": "cve-coordination@incibe.es",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"
          }
        ],
        "sourceIdentifier": "cve-coordination@incibe.es",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-916"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-916"
              }
            ],
            "source": "cve-coordination@incibe.es",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.