35 matches found
EUVD-2022-50319
Malicious code in bioql PyPI...
EUVD-2022-50317
Malicious code in bioql PyPI...
EUVD-2022-50315
Malicious code in bioql PyPI...
EUVD-2022-50320
Malicious code in bioql PyPI...
CVE-2022-47560
The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in...
Design/Logic Flaw
UNSUPPPORTED WHEN ASSIGNED The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in...
CVE-2022-47560
CVE-2022-47560 affects ekorCCP and ekorRCI devices. Root cause: lack of web request control enables an attacker to craft custom requests while a user is logged in, potentially triggering malicious actions. Documented impacts include higher confidentiality risk (CVE/metrics note HIGH confidentiali...
CVE-2022-47560 Cleartext Transmission of Sensitive Information in Ormazabal products
The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in...
PT-2023-15403 · Ekorccp +1 · Ekorccp +1
Name of the Vulnerable Software and Affected Versions: ekorCCP affected versions not specified ekorRCI affected versions not specified Description: The lack of web request control on devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged i...
CVE-2022-47559
Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity...
CVE-2022-47559
Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity...
CVE-2022-47555
Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...
CVE-2022-47557
Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...
CVE-2022-47555
Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...
CVE-2022-47557
Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...
CVE-2022-47554
Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server...
CVE-2022-47554
Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server...
CVE-2022-47553
Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server...
Information disclosure
UNSUPPPORTED WHEN ASSIGNED Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server...
Command injection
UNSUPPPORTED WHEN ASSIGNED Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...