CVE-2022-44037

Published: Nov 29, 2022Modified: Apr 25, 2025

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range.

Affected (5)

Products: Apsystems: Ecu C Firmware

Apsystems

1 product

Ecu C Firmware

Configuration A

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apsystems Ecu C Firmware	Version c1.2.2
Apsystems Ecu C Firmware	Version v3.11.4
Apsystems Ecu C Firmware	Version v4.1na
Apsystems Ecu C Firmware	Version v4.1saa
Apsystems Ecu C Firmware	Version w2.1na

Running on/with	Platform Versions
Apsystems Ecu C	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037

Source: cve@mitre.org

ExploitThird Party Advisory

https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.