CVE-2022-47558 CRITICAL

CVE-2022-47558: Improper Access Control in Ormazabal products

Vendor: Ormazabal
Product: ekorCCP
Weakness: CWE-284
Published: September 19, 2023
Last update: August 3, 2024

CVSS base score

9.4/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01 Description

The ekorCCP and ekorRCI devices are vulnerable because their FTP service can be accessed using default credentials. An attacker who exploits this vulnerability can modify critical files, which could allow creating new users, deleting or modifying existing users, modifying configuration files, or installing rootkits or backdoors.

Key dates

02 Disclosure timeline

September 19, 2023: CVE published
August 3, 2024: Record updated