CVE-2022-47558 — CRITICAL (9.4)

Vulnerability Description

Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors.

CVSS Score

9.4

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Ormazabal	Ekorrci Firmware	601j
Ormazabal	Ekorrci	-
Ormazabal	Ekorccp Firmware	601j
Ormazabal	Ekorccp	-

Related Weaknesses (CWE)

CWE-284 CWE-798

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-Third Party Advisory

FAQ

What is CVE-2022-47558?

CVE-2022-47558 is a vulnerability with a CVSS score of 9.4 (CRITICAL). Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allo...

How severe is CVE-2022-47558?

CVE-2022-47558 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-47558?

Check the references section above for vendor advisories and patch information. Affected products include: Ormazabal Ekorrci Firmware, Ormazabal Ekorrci, Ormazabal Ekorccp Firmware, Ormazabal Ekorccp.