Lucene search

K
nvd[email protected]NVD:CVE-2022-28812
HistorySep 28, 2022 - 2:15 p.m.

CVE-2022-28812

2022-09-2814:15:10
CWE-798
web.nvd.nist.gov
cve-2022-28812
remote attacker
unauthenticated access
superuser access
device vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.5%

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.

Affected configurations

NVD
Node
gavazziautomationcpy_car_park_serverRange<2.8.3
Node
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3
AND
gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-
Node
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3edp
AND
gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-edp
Node
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3security_enhanced
AND
gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-security_enhanced

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.5%

Related for NVD:CVE-2022-28812