Vulnerabilities > Ormazabal
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-20 | CVE-2022-47560 | Cleartext Transmission of Sensitive Information vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware. The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in. | 6.5 |
2023-09-20 | CVE-2022-47561 | Insufficiently Protected Credentials vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware. The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions. | 5.5 |
2023-09-20 | CVE-2022-47562 | Allocation of Resources Without Limits or Throttling vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware. Vulnerability in the RPCbind service running on UDP port 111, allowing a remote attacker to create a denial of service (DoS) condition. | 7.5 |
2023-09-19 | CVE-2022-47559 | Cross-Site Request Forgery (CSRF) vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware. Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity. | 8.8 |
2023-09-19 | CVE-2022-47553 | Incorrect Authorization vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware. Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server. | 7.5 |
2023-09-19 | CVE-2022-47554 | Unspecified vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware. Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server. | 7.5 |
2023-09-19 | CVE-2022-47555 | OS Command Injection vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware. Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor. | 8.8 |
2023-09-19 | CVE-2022-47556 | Resource Exhaustion vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware. Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to cause a denial of service (DoS) on the device. | 6.5 |
2023-09-19 | CVE-2022-47557 | Use of Password Hash With Insufficient Computational Effort vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware. Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions. | 6.1 |
2023-09-19 | CVE-2022-47558 | Use of Hard-coded Credentials vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware. Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. | 9.8 |