VAR-202211-1969
Vulnerability from variot - Updated: 2025-04-25 23:10

An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating. This in turn allows an attacker to perform multiple attacks, such as attacking wireless networks within the product's range. APSystems ecu-c firmware contains an unspecified vulnerability: information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). APsystems is a micro-inverter produced by APsystems in the United States. Combining high-efficiency power conversion with a user-friendly monitoring interface brings you reliable, smart energy. Attackers can use the vulnerability to access sensitive data. By executing specific commands and functions with administrator privileges, they can also launch other attacks.

The CVSS vectors in the record below rate the attack vector as adjacent network, with no privileges or user interaction required (base score 8.8 under CVSS 3.1), so the unit is exposed to whoever can reach the network segment it sits on. The record's references include the CISA advisory ICSA-24-023-01.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1969",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecu-c",
"scope": "eq",
"trust": 1.0,
"vendor": "apsystems",
"version": "w2.1na"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 1.0,
"vendor": "apsystems",
"version": "v4.1saa"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 1.0,
"vendor": "apsystems",
"version": "c1.2.2"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 1.0,
"vendor": "apsystems",
"version": "v4.1na"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 1.0,
"vendor": "apsystems",
"version": "v3.11.4"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 0.8,
"vendor": "apsystems",
"version": "ecu-c firmware v4.1na"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 0.8,
"vendor": "apsystems",
"version": "ecu-c firmware v4.1saa"
},
{
"model": "ecu-c",
"scope": null,
"trust": 0.8,
"vendor": "apsystems",
"version": null
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 0.8,
"vendor": "apsystems",
"version": "ecu-c firmware w2.1na"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 0.8,
"vendor": "apsystems",
"version": null
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 0.8,
"vendor": "apsystems",
"version": "ecu-c firmware v3.11.4"
},
{
"model": "ecu-c",
"scope": "eq",
"trust": 0.8,
"vendor": "apsystems",
"version": "ecu-c firmware c1.2.2"
},
{
"model": "energy communication unit power control software v4.1na",
"scope": null,
"trust": 0.6,
"vendor": "apsystems",
"version": null
},
{
"model": "energy communication unit power control software",
"scope": "eq",
"trust": 0.6,
"vendor": "apsystems",
"version": "v3.11.4"
},
{
"model": "energy communication unit power control software w2.1na",
"scope": null,
"trust": 0.6,
"vendor": "apsystems",
"version": null
},
{
"model": "energy communication unit power control software 4.1saa",
"scope": null,
"trust": 0.6,
"vendor": "apsystems",
"version": null
},
{
"model": "energy communication unit power control software c1.2.2",
"scope": null,
"trust": 0.6,
"vendor": "apsystems",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"cve": "CVE-2022-44037",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2022-86372",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-44037",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-44037",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-44037",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-44037",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-44037",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-86372",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3613",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3613"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product\u0027s range. APSystems of ecu-c There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. APsystems is a micro-inverter produced by APsystems in the United States. Combining high-efficiency power conversion with a user-friendly monitoring interface brings you reliable, smart energy. Attackers can use the vulnerability to access sensitive data. Executing specific commands and functions with administrator privileges can also launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-44037"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"db": "VULMON",
"id": "CVE-2022-44037"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-44037",
"trust": 3.9
},
{
"db": "JVN",
"id": "JVNVU90499563",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-023-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-86372",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3613",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-44037",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"db": "VULMON",
"id": "CVE-2022-44037"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3613"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"id": "VAR-202211-1969",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
}
]
},
"last_update_date": "2025-04-25T23:10:59.951000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90499563/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-44037"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-01"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-44037/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"db": "VULMON",
"id": "CVE-2022-44037"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3613"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"db": "VULMON",
"id": "CVE-2022-44037"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3613"
},
{
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"date": "2022-11-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-44037"
},
{
"date": "2023-11-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"date": "2022-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3613"
},
{
"date": "2022-11-29T04:15:11.027000",
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-86372"
},
{
"date": "2022-11-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-44037"
},
{
"date": "2024-01-25T04:54:00",
"db": "JVNDB",
"id": "JVNDB-2022-022336"
},
{
"date": "2022-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3613"
},
{
"date": "2025-04-25T16:15:23.793000",
"db": "NVD",
"id": "CVE-2022-44037"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3613"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "APSystems\u00a0 of \u00a0ecu-c\u00a0 Firmware vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022336"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3613"
}
],
"trust": 0.6
}
}