{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-47557","assignerOrgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","state":"PUBLISHED","assignerShortName":"INCIBE","dateReserved":"2022-12-19T16:35:50.461Z","datePublished":"2023-09-19T12:54:52.788Z","dateUpdated":"2024-08-03T14:55:08.383Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"ekorCCP","vendor":"Ormazabal","versions":[{"status":"affected","version":"601j"}]},{"defaultStatus":"unaffected","product":"ekorRCI","vendor":"Ormazabal","versions":[{"status":"affected","version":"601j"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Jacinto Moral Matellán"}],"datePublic":"2023-08-22T10:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions."}],"value":"Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-916","description":"CWE-916 Use of Password Hash With Insufficient Computational Effort","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","shortName":"INCIBE","dateUpdated":"2023-09-19T12:54:52.788Z"},"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Ormazabal recommends upgrading to updated models."}],"value":"Ormazabal recommends upgrading to updated models."}],"source":{"discovery":"EXTERNAL"},"tags":["unsupported-when-assigned"],"title":"Use of Password Hash With Insufficient Computational Effort in Ormazabal products","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-11T19:20:00.767578Z","id":"CVE-2022-47557","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-11T19:20:07.461Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T14:55:08.383Z"},"title":"CVE Program Container","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products","tags":["x_transferred"]}]}]}}