Uwp 3.0 Monitoring Gateway And Controller Firmware Security Vulnerabilities and Issues — Uwp 3.0 Monitoring Gateway And Controller Firmware CVE List

Lucene search

GavazziautomationUwp 3.0 Monitoring Gateway And Controller Firmware

11 matches found

CVE•added 2022/09/28 2:15 p.m.•587 views

CVE-2022-28811

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.

9.8CVSS9.8AI score0.00442EPSS

CVE•added 2022/09/28 2:15 p.m.•552 views

CVE-2022-22526

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API.

9.8CVSS9.7AI score0.00099EPSS

CVE•added 2022/09/28 2:15 p.m.•45 views

CVE-2022-28812

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.

9.8CVSS9.7AI score0.0049EPSS

CVE•added 2022/09/28 2:15 p.m.•41 views

CVE-2022-22522

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.

9.8CVSS9.7AI score0.0031EPSS

CVE•added 2022/09/28 2:15 p.m.•41 views

CVE-2022-28813

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device.

7.5CVSS7.7AI score0.0022EPSS

CVE•added 2022/09/28 2:15 p.m.•41 views

CVE-2022-28814

Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.

9.8CVSS9.7AI score0.00641EPSS

CVE•added 2022/09/28 2:15 p.m.•39 views

CVE-2022-22524

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .

9.4CVSS9.5AI score0.00318EPSS

CVE•added 2022/09/28 2:15 p.m.•36 views

CVE-2022-22523

An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.

7.5CVSS7.7AI score0.00031EPSS

CVE•added 2022/09/28 2:15 p.m.•36 views

CVE-2022-22525

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function

7.2CVSS7.3AI score0.00105EPSS

CVE•added 2022/09/28 2:15 p.m.•36 views

CVE-2022-28815

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service.

2.7CVSS4.4AI score0.00074EPSS

CVE•added 2022/09/28 2:15 p.m.•36 views

CVE-2022-28816

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.

6.1CVSS6AI score0.00112EPSS