CVE-2022-47559

Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*
cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*
cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:56

Type Values Removed Values Added
Summary ** UNSUPPPORTED WHEN ASSIGNED ** Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity. Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity.

21 Sep 2023, 19:53

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-352
First Time Ormazabal ekorccp Firmware
Ormazabal ekorrci Firmware
Ormazabal ekorccp
Ormazabal
Ormazabal ekorrci
References (MISC) https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products - (MISC) https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products - Third Party Advisory
CPE cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*
cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*
cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*
cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*

19 Sep 2023, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-19 14:15

Updated : 2024-08-03 15:15


NVD link : CVE-2022-47559

Mitre link : CVE-2022-47559

CVE.ORG link : CVE-2022-47559


JSON object : View

Products Affected

ormazabal

  • ekorrci
  • ekorccp_firmware
  • ekorrci_firmware
  • ekorccp
CWE
CWE-352

Cross-Site Request Forgery (CSRF)