Input validation

2022-09-2814:15:00

PRIOn knowledge base

www.prio-n.com

input validation

carlo gavazzi

cpy car park server

remote attacker

os commands

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.0%

JSON

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.

CPENameOperatorVersion
cpy_car_park_serverlt2.8.3
uwp_3.0_monitoring_gateway_and_controller_firmwarelt8.5.0.3
uwp_3.0_monitoring_gateway_and_controller_firmwarelt8.5.0.3
uwp_3.0_monitoring_gateway_and_controller_firmwarelt8.5.0.3

Name	Operator	Version
cpy_car_park_server	lt	2.8.3
uwp_3.0_monitoring_gateway_and_controller_firmware	lt	8.5.0.3
uwp_3.0_monitoring_gateway_and_controller_firmware	lt	8.5.0.3
uwp_3.0_monitoring_gateway_and_controller_firmware	lt	8.5.0.3

References

cert.vde.com/en/advisories/VDE-2022-029/