Lucene search
HistorySep 28, 2022 - 2:15 p.m.
CVE-2022-22524
carlo gavazzi
uwp3.0
cpy car park server
sql-injection
remote attacker
database access
users
services
security vulnerability
9.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
0.002 Low
EPSS
Percentile
61.5%
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .
Affected configurations
Node
gavazziautomationcpy_car_park_serverRange<2.8.3
Node
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3
gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-
Node
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3edp
gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-edp
Node
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3security_enhanced
gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-security_enhanced
References
Related
cvelist
cvelist
prion
prion
Sql injection
2022-09-28 14:15:00
cve
cve
CVE-2022-22524
2022-09-28 14:15:10
9.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
0.002 Low
EPSS
Percentile
61.5%
Related for NVD:CVE-2022-22524