Main Vulnerability Database Vulnerabilities #VU85754

Improper access control in Energy communication Unit (ECU-C) Power Control Software - CVE-2022-44037

Published: January 24, 2024

Vulnerability identifier: #VU85754

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2022-44037

CWE-ID: CWE-284

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Energy communication Unit (ECU-C) Power Control Software

Software vendor:
Altenergy Power System

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker on the local network can bypass implemented security restrictions and gain unauthorized access to the application.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Improper access control in Energy communication Unit (ECU-C) Power Control Software - CVE-2022-44037

Description

Remediation

External links

Please verify you're human