ID

VAR-202211-1969


CVE

CVE-2022-44037


TITLE

APsystems ecu-c firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-022336

DESCRIPTION

An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating, which enables multiple attacks, such as attacking a wireless network in the product's range. The APsystems ecu-c firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). APsystems is a micro-inverter produced by APsystems in the United States. Combining high-efficiency power conversion with a user-friendly monitoring interface brings you reliable, smart energy. Attackers can use the vulnerability to access sensitive data. Executing specific commands and functions with administrator privileges can also be used to launch other attacks.

Trust: 2.25

sources: NVD: CVE-2022-44037 // JVNDB: JVNDB-2022-022336 // CNVD: CNVD-2022-86372 // VULMON: CVE-2022-44037

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-86372

AFFECTED PRODUCTS

vendor: apsystems, model: ecu-c, scope: eq, version: w2.1na

Trust: 1.0

vendor: apsystems, model: ecu-c, scope: eq, version: v4.1na

Trust: 1.0

vendor: apsystems, model: ecu-c, scope: eq, version: c1.2.2

Trust: 1.0

vendor: apsystems, model: ecu-c, scope: eq, version: v4.1saa

Trust: 1.0

vendor: apsystems, model: ecu-c, scope: eq, version: v3.11.4

Trust: 1.0

vendor: apsystems, model: ecu-c, scope: eq, version: ecu-c firmware v4.1na

Trust: 0.8

vendor: apsystems, model: ecu-c, scope: eq, version: ecu-c firmware v4.1saa

Trust: 0.8

vendor: apsystems, model: ecu-c, scope: -, version: -

Trust: 0.8

vendor: apsystems, model: ecu-c, scope: eq, version: ecu-c firmware w2.1na

Trust: 0.8

vendor: apsystems, model: ecu-c, scope: eq, version: -

Trust: 0.8

vendor: apsystems, model: ecu-c, scope: eq, version: ecu-c firmware v3.11.4

Trust: 0.8

vendor: apsystems, model: ecu-c, scope: eq, version: ecu-c firmware c1.2.2

Trust: 0.8

vendor: apsystems, model: energy communication unit power control software v4.1na, scope: -, version: -

Trust: 0.6

vendor: apsystems, model: energy communication unit power control software, scope: eq, version: v3.11.4

Trust: 0.6

vendor: apsystems, model: energy communication unit power control software w2.1na, scope: -, version: -

Trust: 0.6

vendor: apsystems, model: energy communication unit power control software 4.1saa, scope: -, version: -

Trust: 0.6

vendor: apsystems, model: energy communication unit power control software c1.2.2, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-86372 // JVNDB: JVNDB-2022-022336 // NVD: CVE-2022-44037

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-44037
value: HIGH

Trust: 1.0

NVD: CVE-2022-44037
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-86372
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202211-3613
value: HIGH

Trust: 0.6

CNVD: CNVD-2022-86372
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-44037
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-44037
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-86372 // JVNDB: JVNDB-2022-022336 // CNNVD: CNNVD-202211-3613 // NVD: CVE-2022-44037

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-022336 // NVD: CVE-2022-44037

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202211-3613

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202211-3613

EXTERNAL IDS

db: NVD, id: CVE-2022-44037

Trust: 3.9

db: JVN, id: JVNVU90499563

Trust: 0.8

db: ICS CERT, id: ICSA-24-023-01

Trust: 0.8

db: JVNDB, id: JVNDB-2022-022336

Trust: 0.8

db: CNVD, id: CNVD-2022-86372

Trust: 0.6

db: CNNVD, id: CNNVD-202211-3613

Trust: 0.6

db: VULMON, id: CVE-2022-44037

Trust: 0.1

sources: CNVD: CNVD-2022-86372 // VULMON: CVE-2022-44037 // JVNDB: JVNDB-2022-022336 // CNNVD: CNNVD-202211-3613 // NVD: CVE-2022-44037

REFERENCES

url:https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037

Trust: 3.1

url:https://jvn.jp/vu/jvnvu90499563/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-44037

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-01

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-44037/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-86372 // VULMON: CVE-2022-44037 // JVNDB: JVNDB-2022-022336 // CNNVD: CNNVD-202211-3613 // NVD: CVE-2022-44037

SOURCES

db: CNVD, id: CNVD-2022-86372
db: VULMON, id: CVE-2022-44037
db: JVNDB, id: JVNDB-2022-022336
db: CNNVD, id: CNNVD-202211-3613
db: NVD, id: CVE-2022-44037

LAST UPDATE DATE

2024-08-14T15:37:18.338000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-86372, date: 2022-12-09T00:00:00
db: VULMON, id: CVE-2022-44037, date: 2022-11-29T00:00:00
db: JVNDB, id: JVNDB-2022-022336, date: 2024-01-25T04:54:00
db: CNNVD, id: CNNVD-202211-3613, date: 2022-12-07T00:00:00
db: NVD, id: CVE-2022-44037, date: 2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-86372, date: 2022-12-07T00:00:00
db: VULMON, id: CVE-2022-44037, date: 2022-11-29T00:00:00
db: JVNDB, id: JVNDB-2022-022336, date: 2023-11-16T00:00:00
db: CNNVD, id: CNNVD-202211-3613, date: 2022-11-29T00:00:00
db: NVD, id: CVE-2022-44037, date: 2022-11-29T04:15:11.027