Authentication flaw

2022-09-2814:15:00

PRIOn knowledge base

www.prio-n.com

authentication

vulnerability

carlo gavazzi

cpy car park server

access control

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.8%

JSON

An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.

CPENameOperatorVersion
cpy_car_park_serverlt2.8.3
uwp_3.0_monitoring_gateway_and_controller_firmwarelt8.5.0.3
uwp_3.0_monitoring_gateway_and_controller_firmwarelt8.5.0.3
uwp_3.0_monitoring_gateway_and_controller_firmwarelt8.5.0.3

Name	Operator	Version
cpy_car_park_server	lt	2.8.3
uwp_3.0_monitoring_gateway_and_controller_firmware	lt	8.5.0.3
uwp_3.0_monitoring_gateway_and_controller_firmware	lt	8.5.0.3
uwp_3.0_monitoring_gateway_and_controller_firmware	lt	8.5.0.3

References

cert.vde.com/en/advisories/VDE-2022-029/