PatchSiren

Gruparge CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Gruparge CVE published 2023-02-12

CVE-2022-45090

CVE-2022-45090 is a HIGH severity SQL Injection vulnerability (CVSS 3.1: 8.8) in Gruparge Smartpower Web, an energy and control systems management platform. The vulnerability stems from improper input validation (CWE-89) and allows authenticated attackers with low privileges to execute arbitrary SQL commands, potentially leading to complete confidentiality, integrity, and availability compromise of the ap [truncated]

HIGH Gruparge CVE published 2023-02-12

CVE-2022-45089

CVE-2022-45089 is a HIGH severity SQL Injection vulnerability (CVSS 3.1: 8.8) affecting Gruparge Smartpower Web, an energy and control systems management platform. The vulnerability stems from improper input validation, allowing authenticated attackers with low privileges to execute arbitrary SQL commands. The issue affects all versions prior to 23.01.01. This CVE was published on 2023-02-12 and last modi [truncated]

MEDIUM Gruparge CVE published 2023-02-12

CVE-2022-45087

A stored or reflected Cross-Site Scripting (XSS) vulnerability exists in Gruparge Smartpower Web, an energy and control systems management platform, affecting versions prior to 23.01.01. The flaw stems from improper neutralization of user-supplied input during web page generation (CWE-79), allowing attackers to inject malicious scripts that execute in victims' browsers. With a CVSS 3.1 score of 6.1 (Mediu [truncated]

MEDIUM Gruparge CVE published 2023-02-12

CVE-2022-45085

CVE-2022-45085 is a server-side request forgery (SSRF) vulnerability affecting Smartpower Web versions before 23.01.01. NVD maps the issue to CWE-918 and rates it CVSS 3.1 6.5/Medium. Because the attack vector is network-based and requires only low privileges with no user interaction, affected deployments should be prioritized for update and access review.