Main Vulnerability Database SB2024012421

SB2024012421 - Improper access control in APsystems Energy Communication Unit (ECU-C) Power Control Software

Published: January 24, 2024

Security Bulletin ID SB2024012421

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2022-44037)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker on the local network can bypass implemented security restrictions and gain unauthorized access to the application.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44037
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-01