Lucene search

INCIBEVULNRICHMENT:CVE-2022-47556

HistorySep 19, 2023 - 12:51 p.m.

CVE-2022-47556 Uncontrolled Resource Consumption in Ormazabal products

2023-09-1912:51:19

CWE-400

INCIBE

github.com

cve-2022-47556

uncontrolled resource consumption

ormazabal products

denial of service

low-privileged access

web server

legitimate web requests

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

32.4%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to cause a denial of service (DoS) on the device.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*"
    ],
    "vendor": "ormazabal",
    "product": "ekorrci",
    "versions": [
      {
        "status": "affected",
        "version": "601j"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

32.4%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2022-47556