Sql injection

2022-09-2814:15:00

PRIOn knowledge base

www.prio-n.com

carlo gavazzi

uwp3.0

cpy car park server

sql-injection

vulnerability

remote attacker

database access

modify users

stop services

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

JSON

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .

CPENameOperatorVersion
cpy_car_park_serverlt2.8.3
uwp_3.0_monitoring_gateway_and_controller_firmwarelt8.5.0.3
uwp_3.0_monitoring_gateway_and_controller_firmwarelt8.5.0.3
uwp_3.0_monitoring_gateway_and_controller_firmwarelt8.5.0.3

Name	Operator	Version
cpy_car_park_server	lt	2.8.3
uwp_3.0_monitoring_gateway_and_controller_firmware	lt	8.5.0.3
uwp_3.0_monitoring_gateway_and_controller_firmware	lt	8.5.0.3
uwp_3.0_monitoring_gateway_and_controller_firmware	lt	8.5.0.3

References

cert.vde.com/en/advisories/VDE-2022-029/