Lucene search
+L

137 matches found

VulnCheck KEV
VulnCheck KEV
added 2023/06/22 12:0 a.m.11 views

VulnCheck KEV: CVE-2022-45699

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter...

9.8CVSS7.6AI score0.76604EPSS
Exploits1References1
Openbugbounty
Openbugbounty
added 2023/04/29 9:28 a.m.8 views

ecu.edu Cross Site Scripting vulnerability OBB-3279939

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6AI score
Exploits0
OSV
OSV
added 2023/02/10 2:15 a.m.7 views

CVE-2022-45699

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter...

9.8CVSS6AI score0.76604EPSS
Exploits1References3
NVD
NVD
added 2023/02/10 2:15 a.m.32 views

CVE-2022-45699

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter...

9.8CVSS10AI score0.76604EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/02/10 12:0 a.m.6 views

PT-2023-14731

Name of the Vulnerable Software and Affected Versions APSystems ECU-R version 5203 Description The issue allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter in the administration interface. Recommendations For APSystems ECU-R version 5203,...

9.8CVSS7.5AI score0.76604EPSS
Exploits1References9
CVE
CVE
added 2023/02/10 12:0 a.m.75 views

CVE-2022-45699

APSystems ECU-R firmware, version 5203, is affected by a command injection in the administration interface via the timezone parameter. The vulnerability allows an unauthenticated remote attacker to execute arbitrary commands as root, potentially compromising the solar power management system. Roo...

9.8CVSS9.9AI score0.76604EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2022/11/30 12:0 a.m.70 views

APsystems Access Control Error Vulnerability

APsystems is a microinverter from APsystems, Inc. Combining high efficiency power conversion with a user-friendly monitoring interface, it brings you reliable and smart energy. An access control error vulnerability exists in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software version...

8.8CVSS8.9AI score0.00642EPSS
Exploits1References1
OSV
OSV
added 2022/11/29 4:15 a.m.5 views

CVE-2022-44037

An access control issue in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple...

8.8CVSS5.9AI score0.00642EPSS
Exploits1References1
Prion
Prion
added 2022/11/29 4:15 a.m.21 views

Design/Logic Flaw

An access control issue in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple...

5.8CVSS8.7AI score0.00642EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/11/29 12:0 a.m.57 views

CVE-2022-44037

CVE-2022-44037 refers to an improper access control flaw in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software (versions V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2) that allows attackers to access sensitive data and execute commands with full admin rights without authentication. The...

8.8CVSS8.8AI score0.00642EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2022/09/29 12:0 a.m.29 views

Genivia Dlt-daemon Buffer Overflow Vulnerability

Dlt-daemon is the DLT communication interface for Genivia's ECU. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A buffer overflow vulnerability exists in Genivia Dlt-daemon 2.18.8 and prior versions, which...

5.5CVSS5.7AI score0.00417EPSS
Exploits3References1
CNVD
CNVD
added 2022/09/29 12:0 a.m.19 views

Genivia Dlt-daemon Denial of Service Vulnerability

Dlt-daemon is the DLT communication interface for Genivia's ECU. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A denial of service vulnerability exists in Genivia Dlt-daemon 2.18.8 and prior versions, which...

5.5CVSS5.5AI score0.00417EPSS
Exploits3References1
OSV
OSV
added 2022/05/24 5:39 p.m.30 views

GHSA-QVJR-X8FW-HGHV Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file de.tracetronic.jenkins.plugins.ecutest.report.atx.installation.ATXInstallation.xml on the Jenkins controller as part of its configuration. These credentials can be viewed by user...

5.5CVSS5.6AI score0.00334EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:39 p.m.41 views

Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file de.tracetronic.jenkins.plugins.ecutest.report.atx.installation.ATXInstallation.xml on the Jenkins controller as part of its configuration. These credentials can be viewed by user...

5.5CVSS5.4AI score0.00334EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/14 2:57 a.m.27 views

GHSA-HP7X-282P-HHR9 Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host...

6.5CVSS6.4AI score0.00862EPSS
Exploits0References5
OSV
OSV
added 2022/05/14 2:57 a.m.24 views

GHSA-W86J-99WG-R29F Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to...

7.4CVSS7.3AI score0.00856EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/14 2:57 a.m.18 views

Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to...

7.4CVSS6.6AI score0.00856EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:57 a.m.20 views

Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host...

6.5CVSS6.7AI score0.00862EPSS
Exploits0References5Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2021/10/01 4:26 p.m.18 views

Metasploit Wrap-Up

Credential gatherers, mix-ins, oh my! We're excited that Metasploit now includes support for 28 related post modules for gathering credentials based on the PackRat toolset. This is a continuation of 5433, 11700, and 11719. It was developed by community contributors Kazuyoshi Maruta, Daniel...

0.5AI score
Exploits0
Metasploit
Metasploit
added 2021/09/29 5:42 p.m.172 views

ECU Hard Reset

This module performs hard reset in the ECU Reset Service Identifier 0x11. Module Options msf use post/hardware/automotive/ecuhardreset msf postecuhardreset show actions ...actions... msf postecuhardreset set ACTION msf postecuhardreset show options ...show and set options... msf postecuhardreset...

7.1AI score
Exploits0
Rows per page
Query Builder