CVE-2022-47561

{"id": "CVE-2022-47561", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.5}]}, "published": "2023-09-20T08:15:15.380", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-256"}]}], "descriptions": [{"lang": "en", "value": "The web application stores credentials in clear text in the \"admin.xml\" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions."}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** La aplicaci\u00f3n web almacena las credenciales en texto sin cifrar en el archivo \"admin.xml\", al que se puede acceder sin iniciar sesi\u00f3n en el sitio web, lo que podr\u00eda permitir a un atacante obtener credenciales relacionados con todos los usuarios, incluidos los usuarios administradores. , en texto claro, y utilizarlos para ejecutar posteriormente acciones maliciosas."}], "lastModified": "2024-04-11T01:17:17.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-coordination@incibe.es"}