var-202211-1969
Vulnerability from variot

An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating. This allows the attacker to carry out further attacks, such as attacks on wireless networks within the product's range. The APSystems ecu-c firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). APsystems is a micro-inverter produced by APsystems in the United States. Combining high-efficiency power conversion with a user-friendly monitoring interface brings you reliable, smart energy. Attackers can use the vulnerability to access sensitive data, and by executing specific commands and functions with administrator privileges they can also launch other attacks. The CVSS vectors in the record below give the attack vector as adjacent network (AV:A), with no privileges or user interaction required.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1969",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ecu-c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apsystems",
        "version": "v3.11.4"
      },
      {
        "model": "ecu-c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apsystems",
        "version": "w2.1na"
      },
      {
        "model": "ecu-c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apsystems",
        "version": "v4.1saa"
      },
      {
        "model": "ecu-c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apsystems",
        "version": "c1.2.2"
      },
      {
        "model": "ecu-c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apsystems",
        "version": "v4.1na"
      },
      {
        "model": "ecu-c",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apsystems",
        "version": "ecu-c  firmware  v4.1na"
      },
      {
        "model": "ecu-c",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apsystems",
        "version": "ecu-c  firmware  v4.1saa"
      },
      {
        "model": "ecu-c",
        "scope": null,
        "trust": 0.8,
        "vendor": "apsystems",
        "version": null
      },
      {
        "model": "ecu-c",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apsystems",
        "version": "ecu-c  firmware  w2.1na"
      },
      {
        "model": "ecu-c",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apsystems",
        "version": null
      },
      {
        "model": "ecu-c",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apsystems",
        "version": "ecu-c  firmware  v3.11.4"
      },
      {
        "model": "ecu-c",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apsystems",
        "version": "ecu-c  firmware  c1.2.2"
      },
      {
        "model": "energy communication unit power control software v4.1na",
        "scope": null,
        "trust": 0.6,
        "vendor": "apsystems",
        "version": null
      },
      {
        "model": "energy communication unit power control software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apsystems",
        "version": "v3.11.4"
      },
      {
        "model": "energy communication unit power control software w2.1na",
        "scope": null,
        "trust": 0.6,
        "vendor": "apsystems",
        "version": null
      },
      {
        "model": "energy communication unit power control software 4.1saa",
        "scope": null,
        "trust": 0.6,
        "vendor": "apsystems",
        "version": null
      },
      {
        "model": "energy communication unit power control software c1.2.2",
        "scope": null,
        "trust": 0.6,
        "vendor": "apsystems",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-86372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022336"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-44037"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apsystems:ecu-c_firmware:v4.1na:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apsystems:ecu-c_firmware:v3.11.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apsystems:ecu-c_firmware:w2.1na:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apsystems:ecu-c_firmware:v4.1saa:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apsystems:ecu-c_firmware:c1.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:apsystems:ecu-c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-44037"
      }
    ]
  },
  "cve": "CVE-2022-44037",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2022-86372",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-44037",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-44037",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-86372",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202211-3613",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-86372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3613"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-44037"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating. This allows the attacker to carry out further attacks, such as attacks on wireless networks within the product\u0027s range. The APSystems ecu-c firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). APsystems is a micro-inverter produced by APsystems in the United States. Combining high-efficiency power conversion with a user-friendly monitoring interface brings you reliable, smart energy. Attackers can use the vulnerability to access sensitive data, and by executing specific commands and functions with administrator privileges they can also launch other attacks.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-44037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022336"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-86372"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-44037"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-44037",
        "trust": 3.9
      },
      {
        "db": "JVN",
        "id": "JVNVU90499563",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-023-01",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022336",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-86372",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3613",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-44037",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-86372"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-44037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3613"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-44037"
      }
    ]
  },
  "id": "VAR-202211-1969",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-86372"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-86372"
      }
    ]
  },
  "last_update_date": "2024-01-31T22:15:06.246000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022336"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-44037"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu90499563/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-44037"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-01"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-44037/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-86372"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-44037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3613"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-44037"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-86372"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-44037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3613"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-44037"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-86372"
      },
      {
        "date": "2022-11-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-44037"
      },
      {
        "date": "2023-11-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022336"
      },
      {
        "date": "2022-11-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202211-3613"
      },
      {
        "date": "2022-11-29T04:15:11.027000",
        "db": "NVD",
        "id": "CVE-2022-44037"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-86372"
      },
      {
        "date": "2022-11-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-44037"
      },
      {
        "date": "2024-01-25T04:54:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-022336"
      },
      {
        "date": "2022-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202211-3613"
      },
      {
        "date": "2023-08-08T14:21:49.707000",
        "db": "NVD",
        "id": "CVE-2022-44037"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3613"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "APSystems\u00a0 of \u00a0ecu-c\u00a0 Firmware vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-022336"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-3613"
      }
    ],
    "trust": 0.6
  }
}


