Lucene search
HistorySep 28, 2022 - 2:15 p.m.
CVE-2022-28811
carlo gavazzi
cpy car park server
api input validation
remote attacker
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.0%
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.
Affected configurations
Node
gavazziautomationcpy_car_park_serverRange<2.8.3
Node
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3
gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-
Node
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3edp
gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-edp
Node
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3security_enhanced
gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-security_enhanced
References
Related
prion
prion
Input validation
2022-09-28 14:15:00
cve
cve
CVE-2022-28811
2022-09-28 14:15:10
cvelist
cvelist
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.0%
Related for NVD:CVE-2022-28811