Lucene search

[email protected]NVD:CVE-2022-28813

HistorySep 28, 2022 - 2:15 p.m.

CVE-2022-28813

2022-09-2814:15:10

CWE-89

[email protected]

web.nvd.nist.gov

carlo gavazzi

uwp3.0

cpy car park server

sql injection

remote attacker

unauthenticated access

temporary database

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.9%

JSON

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device.

Affected configurations

Nvd

Node

gavazziautomationcpy_car_park_serverRange<2.8.3

Node

gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3

AND

gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-

Node

gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3edp

AND

gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-edp

Node

gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmwareRange<8.5.0.3security_enhanced

AND

gavazziautomationuwp_3.0_monitoring_gateway_and_controllerMatch-security_enhanced

VendorProductVersionCPE
gavazziautomationcpy_car_park_server*cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmware*cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*
gavazziautomationuwp_3.0_monitoring_gateway_and_controller-cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmware*cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*
gavazziautomationuwp_3.0_monitoring_gateway_and_controller-cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmware*cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*
gavazziautomationuwp_3.0_monitoring_gateway_and_controller-cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*

Vendor	Product	Version	CPE
gavazziautomation	cpy_car_park_server	*	cpe:2.3:a:gavazziautomation:cpy_car_park_server::::::::
gavazziautomation	uwp_3.0_monitoring_gateway_and_controller_firmware	*	cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware::::::::
gavazziautomation	uwp_3.0_monitoring_gateway_and_controller	-	cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:::::::*
gavazziautomation	uwp_3.0_monitoring_gateway_and_controller_firmware	*	cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:::edp:::::*
gavazziautomation	uwp_3.0_monitoring_gateway_and_controller	-	cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-::edp:::::
gavazziautomation	uwp_3.0_monitoring_gateway_and_controller_firmware	*	cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:::security_enhanced:::::*
gavazziautomation	uwp_3.0_monitoring_gateway_and_controller	-	cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-::security_enhanced:::::

References

cert.vde.com/en/advisories/VDE-2022-029/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.9%

JSON

Related for NVD:CVE-2022-28813

cvelist1 cve1 prion1