CVE-2022-4557

Summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.

This issue affects Smartpower Web: before 23.01.01.

Affected Software

VendorProductVersion RangeStatus
Group Arge Energy and Control SystemsSmartpower Web0 < 23.01.01affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References