29 matches found
CVE-2022-47562 Allocation of Resources Without Limits or Throttling in Ormazabal products
Vulnerability in the RCPbind service running on UDP port 111, allowing a remote attacker to create a denial of service DoS condition...
CVE-2022-47561 Unprotected Storage of Credentials in Ormazabal products
The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious...
CVE-2022-47561 Unprotected Storage of Credentials in Ormazabal products
The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious...
CVE-2022-47560 Cleartext Transmission of Sensitive Information in Ormazabal products
The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in...
CVE-2022-47560 Cleartext Transmission of Sensitive Information in Ormazabal products
The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in...
CVE-2022-47559 Cross-Site Request Forgery in Ormazabal products
Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity...
CVE-2022-47559 Cross-Site Request Forgery in Ormazabal products
Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity...
CVE-2022-47558 Improper Access Control in Ormazabal products
Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install...
CVE-2022-47558 Improper Access Control in Ormazabal products
Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install...
CVE-2022-47557 Use of Password Hash With Insufficient Computational Effort in Ormazabal products
Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...
CVE-2022-47557 Use of Password Hash With Insufficient Computational Effort in Ormazabal products
Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...
CVE-2022-47556 Uncontrolled Resource Consumption in Ormazabal products
Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to cause a denial of service DoS on the device...
CVE-2022-47556 Uncontrolled Resource Consumption in Ormazabal products
Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to cause a denial of service DoS on the device...
CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products
Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...
CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products
Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...
CVE-2022-47554 Exposure of Sensitive Information in Ormazabal products
Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server...
CVE-2022-47554 Exposure of Sensitive Information in Ormazabal products
Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server...
CVE-2022-47553 Improper Authorization in Ormazabal products
Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server...
CVE-2022-47553 Improper Authorization in Ormazabal products
Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server...
Ormazabal ekorCCP 和 ekorRCI 操作系统命令注入漏洞
Ormazabal is a family of power system management products. A security vulnerability exists in Ormazabal ekorCCP and ekorRCI, no information is available at this time, please stay tuned to CNNVD or the vendor announcement...