cvelist / CERTVDE / CVELIST:CVE-2022-28813
Sep 28, 2022 - 12:00 a.m.

CVE-2022-28813 SQL-injection in Car Park Server 3.0 allows for full database access.

2022-09-28 00:00:00
CWE-89
CERTVDE
www.cve.org
cve-2022-28813
sql-injection
car park server 3.0
uwp3.0
cpy car park server 2.8.3
remote attacker
unauthenticated
database access

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.002 Low
Percentile: 54.1%

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device.

CNA Affected

[
  {
    "vendor": "Carlo Gavazzi",
    "product": "UWP 3.0 Monitoring Gateway and Controller",
    "versions": [
      {
        "version": "8",
        "status": "affected",
        "lessThan": "8.5.0.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Carlo Gavazzi",
    "product": "UWP 3.0 Monitoring Gateway and Controller – Security Enhanced",
    "versions": [
      {
        "version": "8",
        "status": "affected",
        "lessThan": "8.5.0.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Carlo Gavazzi",
    "product": "UWP 3.0 Monitoring Gateway and Controller – EDP version",
    "versions": [
      {
        "version": "8",
        "status": "affected",
        "lessThan": "8.5.0.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Carlo Gavazzi",
    "product": "CPY Car Park Server",
    "versions": [
      {
        "version": "2",
        "status": "affected",
        "lessThan": "2.8.3",
        "versionType": "custom"
      }
    ]
  }
]
