Lucene search

INCIBECVELIST:CVE-2022-47556

HistorySep 19, 2023 - 12:51 p.m.

CVE-2022-47556 Uncontrolled Resource Consumption in Ormazabal products

2023-09-1912:51:19

CWE-400

INCIBE

www.cve.org

uncontrolled resource consumption

ormazabal products

ekorrci

denial of service

web server

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.4%

JSON

Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to cause a denial of service (DoS) on the device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ekorRCI",
    "vendor": "Ormazabal",
    "versions": [
      {
        "status": "affected",
        "version": "601j"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.4%

JSON

Related for CVELIST:CVE-2022-47556