Vulnerabilites related to apsystems - ecu-c
Vulnerability from fkie_nvd
Published
2022-11-29 04:15
Modified
2025-04-25 16:15
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apsystems | ecu-c_firmware | c1.2.2 | |
| apsystems | ecu-c_firmware | v3.11.4 | |
| apsystems | ecu-c_firmware | v4.1na | |
| apsystems | ecu-c_firmware | v4.1saa | |
| apsystems | ecu-c_firmware | w2.1na | |
| apsystems | ecu-c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apsystems:ecu-c_firmware:c1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFF1FF3-D5F3-4868-AC83-370AB5FF3A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apsystems:ecu-c_firmware:v3.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF2AA5A-DB33-4676-8952-986E0E27B2E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apsystems:ecu-c_firmware:v4.1na:*:*:*:*:*:*:*",
"matchCriteriaId": "7151F8C2-2D1F-4748-9A32-E48A6563BC45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apsystems:ecu-c_firmware:v4.1saa:*:*:*:*:*:*:*",
"matchCriteriaId": "8FCB9C96-631A-4E64-BDE9-F89610EFABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apsystems:ecu-c_firmware:w2.1na:*:*:*:*:*:*:*",
"matchCriteriaId": "781E686D-5409-40C4-A350-550B0D8C3AF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apsystems:ecu-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "285ADFEF-682C-4B96-BF16-088443FB9E49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product\u0027s range."
},
{
"lang": "es",
"value": "Un problema de control de acceso en APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 permite a los atacantes acceder a datos confidenciales y ejecutar comandos y funciones espec\u00edficas con total derecho de administrador sin autenticaci\u00f3n le permiten realizar m\u00faltiples ataques, como atacar la red inal\u00e1mbrica dentro del alcance del producto."
}
],
"id": "CVE-2022-44037",
"lastModified": "2025-04-25T16:15:23.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-29T04:15:11.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-11 22:15
Modified
2025-01-27 18:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apsystems:alternergy_power_control_software:c1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "63E8FD80-FB6E-41B3-8060-2E9EFBF2A4F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apsystems:ecu-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "285ADFEF-682C-4B96-BF16-088443FB9E49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apsystems:ecu-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98AEB1B4-3D08-4A07-9954-07F22C4C63F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php."
}
],
"id": "CVE-2023-31502",
"lastModified": "2025-01-27T18:15:34.863",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-11T22:15:11.457",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/Insufficient_Verification_of_Data_Authenticity.MD"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/Insufficient_Verification_of_Data_Authenticity.MD"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-31502 (GCVE-0-2023-31502)
Vulnerability from cvelistv5
Published
2023-05-11 00:00
Modified
2025-01-27 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/Insufficient_Verification_of_Data_Authenticity.MD"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31502",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:11:12.196111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T17:11:16.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/Insufficient_Verification_of_Data_Authenticity.MD"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31502",
"datePublished": "2023-05-11T00:00:00.000Z",
"dateReserved": "2023-04-29T00:00:00.000Z",
"dateUpdated": "2025-01-27T17:11:16.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44037 (GCVE-0-2022-44037)
Vulnerability from cvelistv5
Published
2022-11-29 00:00
Modified
2025-04-25 15:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:05.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-44037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:35:46.766837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:36:32.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product\u0027s range."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-44037",
"datePublished": "2022-11-29T00:00:00.000Z",
"dateReserved": "2022-10-30T00:00:00.000Z",
"dateUpdated": "2025-04-25T15:36:32.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202211-1969
Vulnerability from variot
An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range. APSystems of ecu-c There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. APsystems is a micro-inverter produced by APsystems in the United States. Combining high-efficiency power conversion with a user-friendly monitoring interface brings you reliable, smart energy. Attackers can use the vulnerability to access sensitive data. Executing specific commands and functions with administrator privileges can also launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1969",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecu-c",
"scope": "eq",
"trust": 1.0,
"vendor": "apsystems",
"version": "w2.1na"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 1.0,
"vendor": "apsystems",
"version": "v4.1na"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 1.0,
"vendor": "apsystems",
"version": "c1.2.2"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 1.0,
"vendor": "apsystems",
"version": "v4.1saa"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 1.0,
"vendor": "apsystems",
"version": "v3.11.4"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 0.8,
"vendor": "apsystems",
"version": "ecu-c firmware v4.1na"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 0.8,
"vendor": "apsystems",
"version": "ecu-c firmware v4.1saa"
},
{
"model": "ecu-c",
"scope": null,
"trust": 0.8,
"vendor": "apsystems",
"version": null
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 0.8,
"vendor": "apsystems",
"version": "ecu-c firmware w2.1na"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 0.8,
"vendor": "apsystems",
"version": null
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 0.8,
"vendor": "apsystems",
"version": "ecu-c firmware v3.11.4"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 0.8,
"vendor": "apsystems",
"version": "ecu-c firmware c1.2.2"
},
{
"model": "energy communication unit power control software v4.1na",
"scope": null,
"trust": 0.6,
"vendor": "apsystems",
"version": null
},
{
"model": "energy communication unit power control software",
"scope": "eq",
"trust": 0.6,
"vendor": "apsystems",
"version": "v3.11.4"
},
{
"model": "energy communication unit power control software w2.1na",
"scope": null,
"trust": 0.6,
"vendor": "apsystems",
"version": null
},
{
"model": "energy communication unit power control software 4.1saa",
"scope": null,
"trust": 0.6,
"vendor": "apsystems",
"version": null
},
{
"model": "energy communication unit power control software c1.2.2",
"scope": null,
"trust": 0.6,
"vendor": "apsystems",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"cve": "CVE-2022-44037",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2022-86372",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-44037",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-44037",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-44037",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-44037",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-86372",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3613",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3613"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product\u0027s range. APSystems of ecu-c There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. APsystems is a micro-inverter produced by APsystems in the United States. Combining high-efficiency power conversion with a user-friendly monitoring interface brings you reliable, smart energy. Attackers can use the vulnerability to access sensitive data. Executing specific commands and functions with administrator privileges can also launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-44037"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"db": "VULMON",
"id": "CVE-2022-44037"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-44037",
"trust": 3.9
},
{
"db": "JVN",
"id": "JVNVU90499563",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-023-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-86372",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3613",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-44037",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"db": "VULMON",
"id": "CVE-2022-44037"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3613"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"id": "VAR-202211-1969",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
}
]
},
"last_update_date": "2024-08-14T15:37:18.338000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90499563/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-44037"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-01"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-44037/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"db": "VULMON",
"id": "CVE-2022-44037"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3613"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"db": "VULMON",
"id": "CVE-2022-44037"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3613"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"date": "2022-11-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-44037"
},
{
"date": "2023-11-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"date": "2022-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3613"
},
{
"date": "2022-11-29T04:15:11.027000",
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"date": "2022-11-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-44037"
},
{
"date": "2024-01-25T04:54:00",
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"date": "2022-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3613"
},
{
"date": "2023-08-08T14:21:49.707000",
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3613"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "APSystems\u00a0 of \u00a0ecu-c\u00a0 Firmware vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3613"
}
],
"trust": 0.6
}
}