PT-2022-7248 · Apsystems · Apsystems Energy Communication Unit (Ecu-C) Power Control
Published: 2022-11-28 · Updated: 2023-08-08 · CVE-2022-44037
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software versions V3.11.4, V4.1NA, V4.1SAA, W2.1NA, C1.2.2
Description
An access control issue in the APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating. This enables them to perform multiple attacks, such as attacking the wireless network in the product's range. The vulnerability is also related to deficiencies in password reset code access control, which can allow a remote attacker to execute arbitrary code.
Recommendations
For versions V3.11.4, V4.1NA, V4.1SAA, W2.1NA, C1.2.2, consider disabling access to sensitive data and commands until a patch is available. Restrict access to the password reset functionality to minimize the risk of exploitation. Avoid using the software with full admin rights until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Apsystems Energy Communication Unit (Ecu-C) Power Control