CVE-2022-22524 (GCVE-0-2022-22524)
Vulnerability from cvelistv5 – Published: 2022-09-28 13:45 – Updated: 2025-05-21 14:37
VLAI?
Title
SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access
Summary
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .
Severity ?
9.4 (Critical)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Carlo Gavazzi | UWP 3.0 Monitoring Gateway and Controller |
Affected:
8 , < 8.5.0.3
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Vera Mens from Claroty Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T14:37:06.336805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T14:37:14.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UWP 3.0 Monitoring Gateway and Controller",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "8.5.0.3",
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
},
{
"product": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "8.5.0.3",
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
},
{
"product": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "8.5.0.3",
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
},
{
"product": "CPY Car Park Server",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "2.8.3",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens from Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services ."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-28T13:45:30.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
],
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
},
"title": "SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2022-22524",
"STATE": "PUBLIC",
"TITLE": "SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "CPY Car Park Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "Carlo Gavazzi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens from Claroty Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services ."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
]
},
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-22524",
"datePublished": "2022-09-28T13:45:30.000Z",
"dateReserved": "2022-01-03T00:00:00.000Z",
"dateUpdated": "2025-05-21T14:37:14.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.8.3\", \"matchCriteriaId\": \"6E670508-7A94-4A01-9C2B-51E82D5A861F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.0.3\", \"matchCriteriaId\": \"14B2D9AB-2D19-4AD6-A049-CDB6814CC8D0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90DBF492-5F3A-4F53-ACFC-59F89470D632\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.0.3\", \"matchCriteriaId\": \"5BFC1445-995C-44F7-BE85-E0C1D462573E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*\", \"matchCriteriaId\": \"C7900CB8-560F-4DD7-82B9-8226A8F5F5CC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.0.3\", \"matchCriteriaId\": \"F6584CB1-FA0B-468D-AA58-F2D2F33763AA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*\", \"matchCriteriaId\": \"B29F6465-3533-4B50-B436-4DC4E6F1B361\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .\"}, {\"lang\": \"es\", \"value\": \"En Carlo Gavazzi UWP versi\\u00f3n 3.0 en m\\u00faltiples versiones y CPY Car Park Server en versi\\u00f3n 2.8.3, un atacante remoto no autenticado podr\\u00eda usar una vulnerabilidad de inyecci\\u00f3n SQL para conseguir acceso completo a la base de datos, modificar usuarios y detener servicios\"}]",
"id": "CVE-2022-22524",
"lastModified": "2024-11-21T06:46:57.337",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H\", \"baseScore\": 9.4, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H\", \"baseScore\": 9.4, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.5}]}",
"published": "2022-09-28T14:15:10.117",
"references": "[{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-22524\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2022-09-28T14:15:10.117\",\"lastModified\":\"2024-11-21T06:46:57.337\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .\"},{\"lang\":\"es\",\"value\":\"En Carlo Gavazzi UWP versi\u00f3n 3.0 en m\u00faltiples versiones y CPY Car Park Server en versi\u00f3n 2.8.3, un atacante remoto no autenticado podr\u00eda usar una vulnerabilidad de inyecci\u00f3n SQL para conseguir acceso completo a la base de datos, modificar usuarios y detener servicios\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.8.3\",\"matchCriteriaId\":\"6E670508-7A94-4A01-9C2B-51E82D5A861F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.0.3\",\"matchCriteriaId\":\"14B2D9AB-2D19-4AD6-A049-CDB6814CC8D0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90DBF492-5F3A-4F53-ACFC-59F89470D632\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.0.3\",\"matchCriteriaId\":\"5BFC1445-995C-44F7-BE85-E0C1D462573E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*\",\"matchCriteriaId\":\"C7900CB8-560F-4DD7-82B9-8226A8F5F5CC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.0.3\",\"matchCriteriaId\":\"F6584CB1-FA0B-468D-AA58-F2D2F33763AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*\",\"matchCriteriaId\":\"B29F6465-3533-4B50-B436-4DC4E6F1B361\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en/advisories/VDE-2022-029/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2022-029/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"product\": \"UWP 3.0 Monitoring Gateway and Controller\", \"vendor\": \"Carlo Gavazzi\", \"versions\": [{\"lessThan\": \"8.5.0.3\", \"status\": \"affected\", \"version\": \"8\", \"versionType\": \"custom\"}]}, {\"product\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 Security Enhanced\", \"vendor\": \"Carlo Gavazzi\", \"versions\": [{\"lessThan\": \"8.5.0.3\", \"status\": \"affected\", \"version\": \"8\", \"versionType\": \"custom\"}]}, {\"product\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 EDP version\", \"vendor\": \"Carlo Gavazzi\", \"versions\": [{\"lessThan\": \"8.5.0.3\", \"status\": \"affected\", \"version\": \"8\", \"versionType\": \"custom\"}]}, {\"product\": \"CPY Car Park Server\", \"vendor\": \"Carlo Gavazzi\", \"versions\": [{\"lessThan\": \"2.8.3\", \"status\": \"affected\", \"version\": \"2\", \"versionType\": \"custom\"}]}], \"credits\": [{\"lang\": \"en\", \"value\": \"Vera Mens from Claroty Research\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 9.4, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H\", \"version\": \"3.1\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-89\", \"description\": \"CWE-89 SQL Injection\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2022-09-28T13:45:30.000Z\", \"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\"}, \"references\": [{\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\"}], \"source\": {\"advisory\": \"VDE-2022-029\", \"discovery\": \"EXTERNAL\"}, \"title\": \"SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access\", \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"info@cert.vde.com\", \"ID\": \"CVE-2022-22524\", \"STATE\": \"PUBLIC\", \"TITLE\": \"SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"UWP 3.0 Monitoring Gateway and Controller\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_name\": \"8\", \"version_value\": \"8.5.0.3\"}]}}, {\"product_name\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 Security Enhanced\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_name\": \"8\", \"version_value\": \"8.5.0.3\"}]}}, {\"product_name\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 EDP version\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_name\": \"8\", \"version_value\": \"8.5.0.3\"}]}}, {\"product_name\": \"CPY Car Park Server\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_name\": \"2\", \"version_value\": \"2.8.3\"}]}}]}, \"vendor_name\": \"Carlo Gavazzi\"}]}}, \"credit\": [{\"lang\": \"eng\", \"value\": \"Vera Mens from Claroty Research\"}], \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .\"}]}, \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"impact\": {\"cvss\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 9.4, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H\", \"version\": \"3.1\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-89 SQL Injection\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"refsource\": \"CONFIRM\", \"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\"}]}, \"source\": {\"advisory\": \"VDE-2022-029\", \"discovery\": \"EXTERNAL\"}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T03:14:55.430Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-22524\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-21T14:37:06.336805Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-21T14:37:09.642Z\"}}]}",
"cveMetadata": "{\"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"assignerShortName\": \"CERTVDE\", \"cveId\": \"CVE-2022-22524\", \"datePublished\": \"2022-09-28T13:45:30.000Z\", \"dateReserved\": \"2022-01-03T00:00:00.000Z\", \"dateUpdated\": \"2025-05-21T14:37:14.217Z\", \"state\": \"PUBLISHED\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…