Vulnerabilities > CVE-2022-47557 - Use of Password Hash With Insufficient Computational Effort vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware

CVSS 6.1 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

local

low complexity

ormazabal

CWE-916

NVD

Published: 2023-09-19

Updated: 2024-07-11

Summary

Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions.

Vulnerable Configurations

Part	Description	Count
OS	Ormazabal Ormazabal Ekorrci Firmware 601J Ormazabal Ekorccp Firmware 601J	2
Hardware	Ormazabal Ormazabal Ekorrci - Ormazabal Ekorccp -	2

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products