CVE-2022-47562 - Vulnerability Details - OpenCVE

Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00268.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Ormazabal

ekorCCP

unaffected

Version	Status	Constraints
`601j`	affected	—

Ormazabal

ekorRCI

unaffected

Version	Status	Constraints
`601j`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*

cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*

cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*

No data.

No data.

Subscriptions

Vendors	Products
Ormazabal Subscribe	Ekorccp Subscribe Ekorccp Firmware Subscribe Ekorrci Subscribe Ekorrci Firmware Subscribe

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-50322	Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.

Fixes

Solution

Ormazabal recommends upgrading to updated models.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products

History

Tue, 24 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2023-09-20T07:56:29.612Z

Updated: 2024-09-24T19:14:56.262Z

Reserved: 2022-12-19T16:35:50.462Z

Link: CVE-2022-47562

Vulnrichment

Updated: 2024-08-03T14:55:08.316Z

NVD

Status : Modified

Published: 2023-09-20T08:15:15.937

Modified: 2024-11-21T07:32:12.047

Link: CVE-2022-47562

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-770

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-47562", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2022-12-19T16:35:50.462Z", "datePublished": "2023-09-20T07:56:29.612Z", "dateUpdated": "2024-09-24T19:14:56.262Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ekorCCP", "vendor": "Ormazabal", "versions": [{"status": "affected", "version": "601j"}]}, {"defaultStatus": "unaffected", "product": "ekorRCI", "vendor": "Ormazabal", "versions": [{"status": "affected", "version": "601j"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jacinto Moral Matell\u00e1n"}], "datePublic": "2023-08-22T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition."}], "value": "Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-09-20T07:56:29.612Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Ormazabal recommends upgrading to updated models."}], "value": "Ormazabal recommends upgrading to updated models."}], "source": {"discovery": "EXTERNAL"}, "tags": ["unsupported-when-assigned"], "title": "Allocation of Resources Without Limits or Throttling in Ormazabal products", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:55:08.316Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "ormazabal", "product": "ekorccp", "cpes": ["cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "601j", "status": "affected"}]}, {"vendor": "ormazabal", "product": "ekorrci", "cpes": ["cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "601j", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T19:12:47.926882Z", "id": "CVE-2022-47562", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T19:14:56.262Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:55:08.316Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-47562", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-24T19:12:47.926882Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*"], "vendor": "ormazabal", "product": "ekorccp", "versions": [{"status": "affected", "version": "601j"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*"], "vendor": "ormazabal", "product": "ekorrci", "versions": [{"status": "affected", "version": "601j"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T19:14:46.512Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "Allocation of Resources Without Limits or Throttling in Ormazabal products", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jacinto Moral Matell\u00e1n"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ormazabal", "product": "ekorCCP", "versions": [{"status": "affected", "version": "601j"}], "defaultStatus": "unaffected"}, {"vendor": "Ormazabal", "product": "ekorRCI", "versions": [{"status": "affected", "version": "601j"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Ormazabal recommends upgrading to updated models.", "supportingMedia": [{"type": "text/html", "value": "Ormazabal recommends upgrading to updated models.", "base64": false}]}], "datePublic": "2023-08-22T10:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-09-20T07:56:29.612Z"}}}, "cveMetadata": {"cveId": "CVE-2022-47562", "state": "PUBLISHED", "dateUpdated": "2024-09-24T19:14:56.262Z", "dateReserved": "2022-12-19T16:35:50.462Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2023-09-20T07:56:29.612Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*", "matchCriteriaId": "3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*", "matchCriteriaId": "77B2D423-E767-495C-93C7-4C4B724BE3E3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*", "matchCriteriaId": "34615054-34DD-469E-80FC-F5C3F74850AC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*", "matchCriteriaId": "C5E73387-2229-4A85-A3A7-A0A2C1D74EA6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "cve-coordination@incibe.es", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition."}, {"lang": "es", "value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Vulnerabilidad en el servicio RCPbind que se ejecuta en el puerto UDP (111), lo que permite a un atacante remoto crear una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2022-47562", "lastModified": "2024-11-21T07:32:12.047", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-20T08:15:15.937", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}