CVE-2022-47555

9.3 CRITICAL

📋 TL;DR

CVE-2022-47555 is an operating system command injection vulnerability in Ormazabal's ekorCCP and ekorRCI products. An authenticated attacker can execute arbitrary commands on an affected device, including creating new users with elevated privileges or setting up a backdoor. Any organization running ekorCCP or ekorRCI is affected.

💻 Affected Systems

Products:
  • ekorCCP
  • ekorRCI
Versions: Affected versions are not listed in the references; treat every release prior to the vendor's patched versions as affected.
Operating Systems: Not specified in the references.
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Ormazabal products used in electrical substation automation and control systems. Requires authenticated access to exploit.

📦 What is this software?

ekorCCP and ekorRCI are Ormazabal products used in electrical substation automation and control systems. Exploiting this vulnerability requires authenticated access to the device.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to execute arbitrary commands as root/admin, create persistent backdoors, exfiltrate sensitive data, and pivot to other network systems.

🟠

Likely Case

Authenticated attacker gains command execution on affected systems, potentially creating unauthorized users, modifying configurations, or deploying malware.

🟢

If Mitigated

With proper network segmentation, strong authentication controls, and monitoring, impact limited to isolated system compromise with limited lateral movement.

🌐 Internet-Facing: HIGH if vulnerable systems are exposed to internet, as authenticated access could be obtained through various means.
🏢 Internal Only: HIGH as authenticated internal users or compromised credentials could lead to system compromise.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Command injection vulnerabilities typically have low exploitation complexity once authentication is obtained. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products

Restart Required: Yes

Instructions:

1. Contact Ormazabal for the specific patched versions of ekorCCP and ekorRCI.
2. Apply the vendor-provided patches.
3. Restart affected services/systems.
4. Verify that the patch was applied.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all

Isolate affected systems from untrusted networks and limit access to authorized users only.

Authentication Hardening

Applies to: all

Implement strong authentication mechanisms and regularly rotate credentials.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach affected systems
  • Enable detailed logging and monitoring for command execution attempts and user creation activities

🔍 How to Verify

Check if Vulnerable:

Check system version against vendor advisory. Look for ekorCCP or ekorRCI installations in your environment.

Check Version:

Vendor-specific command not provided. Check product documentation or contact Ormazabal.

Verify Fix Applied:

Confirm the installed version matches the vendor's patched release. Where possible, confirm on a test unit (not on in-service substation equipment) that inputs containing shell metacharacters are rejected by the patched firmware.
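To make the last check concrete, here is an added example; it is not Ormazabal's code and does not show the actual injection point, which the page does not identify. It uses a hypothetical "ping a host" handler: the vulnerable way of building the command, a shell-style tokenizer that shows how a single `host` parameter turns into two commands, and the hardened form that validates the input against an allowlist and never hands it to a shell.

```python
import ipaddress
import shlex
import subprocess


def vulnerable_ping_command(host):
    """'Before' pattern: untrusted input pasted into a shell command line.
    The string is returned rather than executed so the example is safe to run;
    the real bug is passing such a string to os.system() or to subprocess
    with shell=True."""
    return f"ping -c 1 {host}"


def shell_commands(cmdline):
    """Tokenise cmdline the way a POSIX shell would and return the list of
    separate commands the shell would run. shlex's punctuation_chars mode
    emits ; | & && || as their own tokens, which is exactly what an injected
    payload relies on."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands, current = [], []
    for tok in lexer:
        if tok in (";", "|", "&", "&&", "||"):
            if current:
                commands.append(current)
                current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def safe_ping_argv(host):
    """'After' pattern: allowlist validation (only a literal IP address is
    accepted) plus an argv list, so no shell ever parses the input and a
    value starting with '-' cannot be read as an option either."""
    try:
        addr = ipaddress.ip_address(host.strip())
    except ValueError:
        raise ValueError(f"rejected host parameter: {host!r}") from None
    return ["ping", "-c", "1", str(addr)]


def run_ping(host):
    """Execute the hardened form: argv list, shell=False, bounded runtime."""
    return subprocess.run(safe_ping_argv(host), capture_output=True,
                          text=True, timeout=10, check=False)


if __name__ == "__main__":
    payload = "10.0.0.5;useradd -o -u 0 svc"   # constructed test input
    print(shell_commands(vulnerable_ping_command(payload)))
    # -> [['ping', '-c', '1', '10.0.0.5'], ['useradd', '-o', '-u', '0', 'svc']]
    try:
        safe_ping_argv(payload)
    except ValueError as err:
        print(err)
```

If the real handler must accept hostnames rather than only IP addresses, the allowlist becomes a strict hostname pattern (letters, digits, hyphen, dot) with a length limit; the argv-list rule is unchanged. Metacharacter denylists are the wrong fix, since the set of characters a shell treats specially is larger than people remember.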

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns
  • Unexpected user creation events
  • Suspicious process execution from web interfaces

Network Indicators:

  • Unusual outbound connections from affected systems
  • Traffic to unexpected ports

SIEM Query:

source="ekor*" AND (event_type="command_execution" OR user_creation="true")

The source and field names in this query are placeholders; map them to whatever your collector actually emits for the ekor devices and their front end.
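The log indicators above can be checked mechanically. The following is an added example, not a vendor tool: it scans constructed key=value log lines (the format is assumed, since the page gives no ekorCCP/ekorRCI log format) for shell metacharacters reaching a web handler, decoding URL escapes first so `%3B` is not missed, and flags account creation, correlating it with any suspicious request in the preceding 30 seconds.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample log lines; not from any real ekorCCP/ekorRCI device.
# The key=value layout is an assumption: adapt parse_line() to whatever
# the device and its web front end actually emit.
SAMPLE_LOGS = """\
2024-01-10T09:14:01Z host=rtu01 app=web user=operator method=POST path=/cgi-bin/ping.cgi params="host=10.0.0.5"
2024-01-10T09:14:07Z host=rtu01 app=web user=operator method=POST path=/cgi-bin/ping.cgi params="host=10.0.0.5;useradd -o -u 0 svc"
2024-01-10T09:14:08Z host=rtu01 app=auth event=user_created name=svc uid=0 by=web
2024-01-10T09:15:22Z host=rtu01 app=web user=operator method=GET path=/status params=""
2024-01-10T09:16:03Z host=rtu01 app=web user=operator method=POST path=/cgi-bin/ping.cgi params="host=10.0.0.5%3Bid"
2024-01-10T09:45:00Z host=rtu01 app=auth event=user_created name=maint uid=1002 by=console
"""

TOKEN_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Characters an injected command needs to break out of the intended
# argument: separators, pipes, command/variable substitution, redirection.
SHELL_META_RE = re.compile(r'[;&|`<>\n]|\$\(|\$\{')


def parse_line(line):
    """Split one log line into a dict; the leading token is the timestamp."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for key, quoted, bare in TOKEN_RE.findall(rest):
        fields[key] = quoted if quoted else bare
    return fields


def scan_logs(text, window=timedelta(seconds=30)):
    """Return findings for two of the indicators listed on this page:
    shell metacharacters in parameters reaching a web handler, and account
    creation, the latter correlated against recent suspicious requests."""
    events = [parse_line(l) for l in text.splitlines() if l.strip()]
    findings, suspicious = [], []
    for n, ev in enumerate(events, 1):
        if ev.get("app") == "web":
            # Decode first so %3B (;) and %24%28 ($() are not missed.
            decoded = unquote(ev.get("params", ""))
            if SHELL_META_RE.search(decoded):
                findings.append({"line": n, "user": ev.get("user"),
                                 "path": ev.get("path"), "decoded": decoded,
                                 "reason": "shell metacharacters in request parameters"})
                suspicious.append(ev)
        elif ev.get("event") == "user_created":
            reason = "new account created"
            if ev.get("uid") == "0":
                reason = "new account with uid 0 created"
            recent = [r for r in suspicious
                      if timedelta(0) <= ev["ts"] - r["ts"] <= window]
            if recent:
                reason += (f" within {int(window.total_seconds())}s of a "
                           f"suspicious web request by {recent[-1].get('user')}")
            findings.append({"line": n, "user": ev.get("name"), "uid": ev.get("uid"),
                             "by": ev.get("by"), "reason": reason})
    return findings


if __name__ == "__main__":
    for f in scan_logs(SAMPLE_LOGS):
        print(f"line {f['line']}: {f['reason']}")
```

Every account creation is reported, not only root-equivalent ones, because on substation equipment any unexpected account is worth a look; the correlation with a preceding suspicious request is what turns a routine event into a likely post-exploitation signal.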
