Lucene search

K
cve[email protected]CVE-2022-22523
HistorySep 28, 2022 - 2:15 p.m.

CVE-2022-22523

2022-09-2814:15:10
CWE-287
web.nvd.nist.gov
22
4
cve-2022-22523
authentication bypass
carlo gavazzi
cpy car park server
vulnerability
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.8%

An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.

Affected configurations

NVD
Node
gavazziautomationcpy_car_park_serverRange<2.8.3
Node
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3
AND
gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-
Node
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3edp
AND
gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-edp
Node
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3security_enhanced
AND
gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-security_enhanced

CNA Affected

[
  {
    "product": "UWP 3.0 Monitoring Gateway and Controller",
    "vendor": "Carlo Gavazzi",
    "versions": [
      {
        "lessThan": "8.5.0.3",
        "status": "affected",
        "version": "8",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "UWP 3.0 Monitoring Gateway and Controller – Security Enhanced",
    "vendor": "Carlo Gavazzi",
    "versions": [
      {
        "lessThan": "8.5.0.3",
        "status": "affected",
        "version": "8",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "UWP 3.0 Monitoring Gateway and Controller – EDP version",
    "vendor": "Carlo Gavazzi",
    "versions": [
      {
        "lessThan": "8.5.0.3",
        "status": "affected",
        "version": "8",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CPY Car Park Server",
    "vendor": "Carlo Gavazzi",
    "versions": [
      {
        "lessThan": "2.8.3",
        "status": "affected",
        "version": "2",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.8%

Related for CVE-2022-22523