CVE-2022-44037
Incorrect Access Control | ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software - V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2
CVE ID: CVE-2022-44037
CVE Author: Momen Eldawakhly (Cyber Guy)
Vendor: APsystems
Product: ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software
Affected Versions: V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2
Description:
An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating. This lets an attacker perform multiple attacks, such as attacking wireless networks in the product's range.
PoC Image:

Wireless Access & Control

Full LAN Access

Remote Inverter Control