137 matches found
VulnCheck KEV: CVE-2022-45699
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter...
ecu.edu Cross Site Scripting vulnerability OBB-3279939
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-45699
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter...
CVE-2022-45699
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter...
PT-2023-14731
Name of the Vulnerable Software and Affected Versions APSystems ECU-R version 5203 Description The issue allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter in the administration interface. Recommendations For APSystems ECU-R version 5203,...
CVE-2022-45699
APSystems ECU-R firmware, version 5203, is affected by a command injection in the administration interface via the timezone parameter. The vulnerability allows an unauthenticated remote attacker to execute arbitrary commands as root, potentially compromising the solar power management system. Roo...
APsystems Access Control Error Vulnerability
APsystems is a microinverter from APsystems, Inc. Combining high efficiency power conversion with a user-friendly monitoring interface, it brings you reliable and smart energy. An access control error vulnerability exists in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software version...
CVE-2022-44037
An access control issue in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple...
Design/Logic Flaw
An access control issue in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple...
CVE-2022-44037
CVE-2022-44037 refers to an improper access control flaw in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software (versions V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2) that allows attackers to access sensitive data and execute commands with full admin rights without authentication. The...
Genivia Dlt-daemon Buffer Overflow Vulnerability
Dlt-daemon is the DLT communication interface for Genivia's ECU. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A buffer overflow vulnerability exists in Genivia Dlt-daemon 2.18.8 and prior versions, which...
Genivia Dlt-daemon Denial of Service Vulnerability
Dlt-daemon is the DLT communication interface for Genivia's ECU. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A denial of service vulnerability exists in Genivia Dlt-daemon 2.18.8 and prior versions, which...
GHSA-QVJR-X8FW-HGHV Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin
Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file de.tracetronic.jenkins.plugins.ecutest.report.atx.installation.ATXInstallation.xml on the Jenkins controller as part of its configuration. These credentials can be viewed by user...
Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin
Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file de.tracetronic.jenkins.plugins.ecutest.report.atx.installation.ATXInstallation.xml on the Jenkins controller as part of its configuration. These credentials can be viewed by user...
GHSA-HP7X-282P-HHR9 Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability
A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host...
GHSA-W86J-99WG-R29F Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability
A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to...
Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability
A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to...
Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability
A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host...
Metasploit Wrap-Up
Credential gatherers, mix-ins, oh my! We're excited that Metasploit now includes support for 28 related post modules for gathering credentials based on the PackRat toolset. This is a continuation of 5433, 11700, and 11719. It was developed by community contributors Kazuyoshi Maruta, Daniel...
ECU Hard Reset
This module performs hard reset in the ECU Reset Service Identifier 0x11. Module Options msf use post/hardware/automotive/ecuhardreset msf postecuhardreset show actions ...actions... msf postecuhardreset set ACTION msf postecuhardreset show options ...show and set options... msf postecuhardreset...