8.8
CVE-2022-44037
- EPSS 0.07%
- Veröffentlicht 29.11.2022 04:15:11
- Zuletzt bearbeitet 25.04.2025 16:15:23
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apsystems ≫ Ecu-c Firmware Versionc1.2.2
Apsystems ≫ Ecu-c Firmware Versionv3.11.4
Apsystems ≫ Ecu-c Firmware Versionv4.1na
Apsystems ≫ Ecu-c Firmware Versionv4.1saa
Apsystems ≫ Ecu-c Firmware Versionw2.1na
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.207 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.