Lucene search

INCIBECVELIST:CVE-2022-47555

HistorySep 19, 2023 - 12:47 p.m.

CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products

2023-09-1912:47:13

CWE-78

INCIBE

www.cve.org

cve-2022-47555

ormazabal products

command injection

vulnerability

ekorccp

ekorrci

authenticated attacker

execute commands

create new users

elevated privileges

backdoor

CVSS3

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

43.3%

JSON

Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ekorCCP",
    "vendor": "Ormazabal",
    "versions": [
      {
        "status": "affected",
        "version": "601j"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ekorRCI",
    "vendor": "Ormazabal",
    "versions": [
      {
        "status": "affected",
        "version": "601j"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products

CVSS3

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

43.3%

JSON

Related for CVELIST:CVE-2022-47555