Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by Group Arge Energy and Control Systems
CVE-2022-4557 (GCVE-0-2022-4557)
Vulnerability from cvelistv5 – Published: 2023-02-09 10:50 – Updated: 2026-05-18 14:24
VLAI
Title
SQL Injection in Smartpower Web
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.
This issue affects Smartpower Web: before 23.01.01.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-23-0066 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Group Arge Energy and Control Systems | Smartpower Web |
Affected:
0 , < 23.01.01
(custom)
|
Date Public
2023-02-08 11:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T17:49:39.290531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:30:49.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smartpower Web",
"vendor": "Group Arge Energy and Control Systems",
"versions": [
{
"lessThan": "23.01.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-08T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.\u003cp\u003eThis issue affects Smartpower Web: before 23.01.01.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.\n\nThis issue affects Smartpower Web: before 23.01.01."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:24:25.998Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0066"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the software to \u0026gt;= 23.01.01"
}
],
"value": "Update the software to \u003e= 23.01.01"
}
],
"source": {
"advisory": "TR-23-0066",
"defect": [
"TR-23-0066"
],
"discovery": "EXTERNAL"
},
"title": "SQL Injection in Smartpower Web",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2022-4557",
"datePublished": "2023-02-09T10:50:03.914Z",
"dateReserved": "2022-12-16T14:16:49.490Z",
"dateUpdated": "2026-05-18T14:24:25.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-45091 (GCVE-0-2022-45091)
Vulnerability from cvelistv5 – Published: 2023-02-08 19:27 – Updated: 2026-05-18 14:39
VLAI
Title
Cross-site Scripting in Smartpower Web
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).
This issue affects Smartpower Web: before 23.01.01.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-23-0066 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Group Arge Energy and Control Systems | Smartpower Web |
Affected:
0 , < 23.01.01
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T19:11:41.039766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T19:11:45.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smartpower Web",
"vendor": "Group Arge Energy and Control Systems",
"versions": [
{
"lessThan": "23.01.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects Smartpower Web: before 23.01.01.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).\n\nThis issue affects Smartpower Web: before 23.01.01."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:39:27.356Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0066"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the software to \u0026gt;= 23.01.01"
}
],
"value": "Update the software to \u003e= 23.01.01"
}
],
"source": {
"advisory": "TR-23-0066",
"defect": [
"TR-23-0066"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-11-08T14:44:00.000Z",
"value": "Vulnerability detected"
},
{
"lang": "en",
"time": "2022-11-09T10:35:00.000Z",
"value": "CVE ID reservation"
},
{
"lang": "en",
"time": "2022-11-09T12:00:00.000Z",
"value": "Vendor informed"
},
{
"lang": "en",
"time": "2023-01-01T10:00:00.000Z",
"value": "Patch published by vendor"
},
{
"lang": "en",
"time": "2023-02-08T13:00:00.000Z",
"value": "Government advisory published"
},
{
"lang": "en",
"time": "2023-02-08T14:50:00.000Z",
"value": "CVE published"
}
],
"title": "Cross-site Scripting in Smartpower Web",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2022-45091",
"datePublished": "2023-02-08T19:27:17.083Z",
"dateReserved": "2022-11-09T13:35:23.470Z",
"dateUpdated": "2026-05-18T14:39:27.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-45090 (GCVE-0-2022-45090)
Vulnerability from cvelistv5 – Published: 2023-02-08 19:21 – Updated: 2026-05-18 14:37
VLAI
Title
SQL Injection in Smartpower Web
Summary
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.
This issue affects Smartpower Web: before 23.01.01.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-23-0066 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Group Arge Energy and Control Systems | Smartpower Web |
Affected:
0 , < 23.01.01
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T19:12:09.543713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T19:38:34.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smartpower Web",
"vendor": "Group Arge Energy and Control Systems",
"versions": [
{
"lessThan": "23.01.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Furkan KUTLUCA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.\u003cp\u003eThis issue affects Smartpower Web: before 23.01.01.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.\n\nThis issue affects Smartpower Web: before 23.01.01."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:37:25.895Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0066"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the software to \u0026gt;= 23.01.01"
}
],
"value": "Update the software to \u003e= 23.01.01"
}
],
"source": {
"advisory": "TR-23-0066",
"defect": [
"TR-23-0066"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-11-08T14:44:00.000Z",
"value": "Vulnerability detected"
},
{
"lang": "en",
"time": "2022-11-09T10:35:00.000Z",
"value": "CVE ID reservation"
},
{
"lang": "en",
"time": "2022-11-09T12:00:00.000Z",
"value": "Vendor informed"
},
{
"lang": "en",
"time": "2023-01-01T10:00:00.000Z",
"value": "Patch published by vendor"
},
{
"lang": "en",
"time": "2023-02-08T13:00:00.000Z",
"value": "Government advisory published"
},
{
"lang": "en",
"time": "2023-02-08T14:50:00.000Z",
"value": "CVE published"
}
],
"title": "SQL Injection in Smartpower Web",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2022-45090",
"datePublished": "2023-02-08T19:21:32.092Z",
"dateReserved": "2022-11-09T13:35:23.470Z",
"dateUpdated": "2026-05-18T14:37:25.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-45089 (GCVE-0-2022-45089)
Vulnerability from cvelistv5 – Published: 2023-02-08 19:18 – Updated: 2026-05-18 14:34
VLAI
Title
SQL Injection in Smartpower Web
Summary
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.
This issue affects Smartpower Web: before 23.01.01.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-23-0066 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Group Arge Energy and Control Systems | Smartpower Web |
Affected:
0 , < 23.01.01
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T19:47:47.485436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T19:47:53.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smartpower Web",
"vendor": "Group Arge Energy and Control Systems",
"versions": [
{
"lessThan": "23.01.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Furkan KUTLUCA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.\u003cp\u003eThis issue affects Smartpower Web: before 23.01.01.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.\n\nThis issue affects Smartpower Web: before 23.01.01."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:34:40.076Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0066"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the software to \u0026gt;= 23.01.01"
}
],
"value": "Update the software to \u003e= 23.01.01"
}
],
"source": {
"advisory": "TR-23-0066",
"defect": [
"TR-23-0066"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-11-08T14:44:00.000Z",
"value": "Vulnerability detected"
},
{
"lang": "en",
"time": "2022-11-09T10:35:00.000Z",
"value": "CVE ID reservation"
},
{
"lang": "en",
"time": "2022-11-09T12:00:00.000Z",
"value": "Vendor informed"
},
{
"lang": "en",
"time": "2023-01-01T10:00:00.000Z",
"value": "Patch published by vendor"
},
{
"lang": "en",
"time": "2023-02-08T13:00:00.000Z",
"value": "Government advisory published"
},
{
"lang": "en",
"time": "2023-02-08T14:50:00.000Z",
"value": "CVE published"
}
],
"title": "SQL Injection in Smartpower Web",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2022-45089",
"datePublished": "2023-02-08T19:18:52.229Z",
"dateReserved": "2022-11-09T13:35:23.470Z",
"dateUpdated": "2026-05-18T14:34:40.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-45088 (GCVE-0-2022-45088)
Vulnerability from cvelistv5 – Published: 2023-02-08 18:50 – Updated: 2026-05-18 14:29
VLAI
Title
Local File Inclusion in Smartpower Web
Summary
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.
This issue affects Smartpower Web: before 23.01.01.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-23-0066 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Group Arge Energy and Control Systems | Smartpower Web |
Affected:
0 , < 23.01.01
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T19:48:08.787560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T19:48:12.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smartpower Web",
"vendor": "Group Arge Energy and Control Systems",
"versions": [
{
"lessThan": "23.01.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Smartpower Web: before 23.01.01.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.\n\nThis issue affects Smartpower Web: before 23.01.01."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:29:59.468Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0066"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the software to \u0026gt;= 23.01.01"
}
],
"value": "Update the software to \u003e= 23.01.01"
}
],
"source": {
"advisory": "TR-23-0066",
"defect": [
"TR-23-0066"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-11-08T14:44:00.000Z",
"value": "Vulnerability detected"
},
{
"lang": "en",
"time": "2022-11-09T10:35:00.000Z",
"value": "CVE ID reservation"
},
{
"lang": "en",
"time": "2022-11-09T12:00:00.000Z",
"value": "Vendor informed"
},
{
"lang": "en",
"time": "2023-01-01T10:00:00.000Z",
"value": "Patch published by vendor"
},
{
"lang": "en",
"time": "2023-02-08T13:00:00.000Z",
"value": "Government advisory published"
},
{
"lang": "en",
"time": "2023-02-08T14:50:00.000Z",
"value": "CVE published"
}
],
"title": "Local File Inclusion in Smartpower Web",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2022-45088",
"datePublished": "2023-02-08T18:50:07.000Z",
"dateReserved": "2022-11-09T13:35:23.470Z",
"dateUpdated": "2026-05-18T14:29:59.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-45087 (GCVE-0-2022-45087)
Vulnerability from cvelistv5 – Published: 2023-02-08 18:46 – Updated: 2026-05-18 14:28
VLAI
Title
Cross-site Scripting in Smartpower Web
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-23-0066 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Group Arge Energy and Control Systems | Smartpower Web |
Affected:
0 , < 23.01.01
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:52:32.590384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:52:39.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smartpower Web",
"vendor": "Group Arge Energy and Control Systems",
"versions": [
{
"lessThan": "23.01.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).\u0026nbsp;\u003cspan\u003eThis issue affects Smartpower Web: before 23.01.01.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).\u00a0This issue affects Smartpower Web: before 23.01.01."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:28:07.274Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0066"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the software to \u0026gt;= 23.01.01"
}
],
"value": "Update the software to \u003e= 23.01.01"
}
],
"source": {
"advisory": "TR-23-0066",
"defect": [
"TR-23-0066"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-11-08T14:44:00.000Z",
"value": "Vulnerability detected"
},
{
"lang": "en",
"time": "2022-11-09T10:35:00.000Z",
"value": "CVE ID reservation"
},
{
"lang": "en",
"time": "2022-11-09T12:00:00.000Z",
"value": "Vendor informed"
},
{
"lang": "en",
"time": "2023-01-01T10:00:00.000Z",
"value": "Patch published by vendor"
},
{
"lang": "en",
"time": "2023-02-08T13:00:00.000Z",
"value": "Government advisory published"
},
{
"lang": "en",
"time": "2023-02-08T14:50:00.000Z",
"value": "CVE published"
}
],
"title": "Cross-site Scripting in Smartpower Web",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2022-45087",
"datePublished": "2023-02-08T18:46:13.951Z",
"dateReserved": "2022-11-09T13:35:23.470Z",
"dateUpdated": "2026-05-18T14:28:07.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-45086 (GCVE-0-2022-45086)
Vulnerability from cvelistv5 – Published: 2023-02-08 18:27 – Updated: 2026-05-18 14:42
VLAI
Title
Cross-site Scripting in Smartpower Web
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-23-0066 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Group Arge Energy and Control Systems | Smartpower Web |
Affected:
0 , < 23.01.01
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:53:26.674714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:53:35.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smartpower Web",
"vendor": "Group Arge Energy and Control Systems",
"versions": [
{
"lessThan": "23.01.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Furkan KUTLUCA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).\u0026nbsp;\u003cspan\u003eThis issue affects Smartpower Web: before 23.01.01.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).\u00a0This issue affects Smartpower Web: before 23.01.01."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:42:36.302Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0066"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the software to \u0026gt;= 23.01.01"
}
],
"value": "Update the software to \u003e= 23.01.01"
}
],
"source": {
"advisory": "TR-23-0066",
"defect": [
"TR-23-0066"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-11-08T14:44:00.000Z",
"value": "Vulnerability detected"
},
{
"lang": "en",
"time": "2022-11-09T10:35:00.000Z",
"value": "CVE ID reservation"
},
{
"lang": "en",
"time": "2022-11-09T12:00:00.000Z",
"value": "Vendor informed"
},
{
"lang": "en",
"time": "2023-01-01T10:00:00.000Z",
"value": "Patch published by vendor"
},
{
"lang": "en",
"time": "2023-02-08T13:00:00.000Z",
"value": "Government advisory published"
},
{
"lang": "en",
"time": "2023-02-08T14:50:00.000Z",
"value": "CVE published"
}
],
"title": "Cross-site Scripting in Smartpower Web",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2022-45086",
"datePublished": "2023-02-08T18:27:15.888Z",
"dateReserved": "2022-11-09T13:35:23.469Z",
"dateUpdated": "2026-05-18T14:42:36.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-45085 (GCVE-0-2022-45085)
Vulnerability from cvelistv5 – Published: 2023-02-08 14:48 – Updated: 2026-05-18 14:40
VLAI
Title
Server-Side Request Forgery in Smartpower Web
Summary
Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.
This issue affects Smartpower Web: before 23.01.01.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-23-0066 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Group Arge Energy and Control Systems | Smartpower Web |
Affected:
0 , < 23.01.01
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:57:20.371683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:57:29.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smartpower Web",
"vendor": "Group Arge Energy and Control Systems",
"versions": [
{
"lessThan": "23.01.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Furkan KUTLUCA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.\u003cp\u003eThis issue affects Smartpower Web: before 23.01.01.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.\n\nThis issue affects Smartpower Web: before 23.01.01."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:40:49.577Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0066"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0066"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the software to \u0026gt;= 23.01.01"
}
],
"value": "Update the software to \u003e= 23.01.01"
}
],
"source": {
"advisory": "TR-23-0066",
"defect": [
"TR-23-0066"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-11-08T14:44:00.000Z",
"value": "Vulnerability detected"
},
{
"lang": "en",
"time": "2022-11-09T10:35:00.000Z",
"value": "CVE reservation"
},
{
"lang": "en",
"time": "2022-11-09T12:00:00.000Z",
"value": "Vendor informed"
},
{
"lang": "en",
"time": "2023-01-01T10:00:00.000Z",
"value": "Patch published by vendor"
},
{
"lang": "en",
"time": "2023-02-08T13:00:00.000Z",
"value": "Government advisory published"
},
{
"lang": "en",
"time": "2023-02-08T14:50:00.000Z",
"value": "CVE published"
}
],
"title": "Server-Side Request Forgery in Smartpower Web",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2022-45085",
"datePublished": "2023-02-08T14:48:27.782Z",
"dateReserved": "2022-11-09T13:35:23.469Z",
"dateUpdated": "2026-05-18T14:40:49.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}