CVE-2022-47557

MEDIUM

EkorCCP/EkorRCI - Privilege Escalation

Title source: llm

Description

Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions.

References (1)

[Third Party Advisory] https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products

Scores

CVSS v3 6.1

EPSS 0.0003

EPSS Percentile 10.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-916

Status published

Products (2)

ormazabal/ekorccp_firmware 601j

ormazabal/ekorrci_firmware 601j

Published Sep 19, 2023

Tracked Since Feb 18, 2026