CVE-2022-28811 (GCVE-0-2022-28811)
Vulnerability from cvelistv5
Published
2022-09-28 13:45
Modified
2025-05-21 14:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - OS Command Injection
Summary
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Carlo Gavazzi | UWP 3.0 Monitoring Gateway and Controller |
Affected:
8 , < 8.5.0.3
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T14:34:00.547711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T14:34:10.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UWP 3.0 Monitoring Gateway and Controller",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "8.5.0.3",
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
},
{
"product": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "8.5.0.3",
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
},
{
"product": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "8.5.0.3",
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
},
{
"product": "CPY Car Park Server",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "2.8.3",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens from Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-28T13:45:32.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
],
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
},
"title": "Possible command injection in Car Park Server in Carlo Gavazzi UWP3.0",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2022-28811",
"STATE": "PUBLIC",
"TITLE": "Possible command injection in Car Park Server in Carlo Gavazzi UWP3.0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "CPY Car Park Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "Carlo Gavazzi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens from Claroty Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
]
},
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-28811",
"datePublished": "2022-09-28T13:45:32.000Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-05-21T14:34:10.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.8.3\", \"matchCriteriaId\": \"6E670508-7A94-4A01-9C2B-51E82D5A861F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.0.3\", \"matchCriteriaId\": \"14B2D9AB-2D19-4AD6-A049-CDB6814CC8D0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90DBF492-5F3A-4F53-ACFC-59F89470D632\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.0.3\", \"matchCriteriaId\": \"5BFC1445-995C-44F7-BE85-E0C1D462573E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*\", \"matchCriteriaId\": \"C7900CB8-560F-4DD7-82B9-8226A8F5F5CC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.0.3\", \"matchCriteriaId\": \"F6584CB1-FA0B-468D-AA58-F2D2F33763AA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*\", \"matchCriteriaId\": \"B29F6465-3533-4B50-B436-4DC4E6F1B361\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.\"}, {\"lang\": \"es\", \"value\": \"En Carlo Gavazzi UWP versi\\u00f3n 3.0 en m\\u00faltiples versiones y CPY Car Park Server en versi\\u00f3n 2.8.3, un atacante remoto no autenticado, podr\\u00eda usar una comprobaci\\u00f3n de entrada inapropiada en un par\\u00e1metro enviado por la API para ejecutar comandos arbitrarios del Sistema Operativo\"}]",
"id": "CVE-2022-28811",
"lastModified": "2024-11-21T06:57:58.700",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2022-09-28T14:15:10.343",
"references": "[{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-28811\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2022-09-28T14:15:10.343\",\"lastModified\":\"2024-11-21T06:57:58.700\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.\"},{\"lang\":\"es\",\"value\":\"En Carlo Gavazzi UWP versi\u00f3n 3.0 en m\u00faltiples versiones y CPY Car Park Server en versi\u00f3n 2.8.3, un atacante remoto no autenticado, podr\u00eda usar una comprobaci\u00f3n de entrada inapropiada en un par\u00e1metro enviado por la API para ejecutar comandos arbitrarios del Sistema Operativo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.8.3\",\"matchCriteriaId\":\"6E670508-7A94-4A01-9C2B-51E82D5A861F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.0.3\",\"matchCriteriaId\":\"14B2D9AB-2D19-4AD6-A049-CDB6814CC8D0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90DBF492-5F3A-4F53-ACFC-59F89470D632\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.0.3\",\"matchCriteriaId\":\"5BFC1445-995C-44F7-BE85-E0C1D462573E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*\",\"matchCriteriaId\":\"C7900CB8-560F-4DD7-82B9-8226A8F5F5CC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.0.3\",\"matchCriteriaId\":\"F6584CB1-FA0B-468D-AA58-F2D2F33763AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*\",\"matchCriteriaId\":\"B29F6465-3533-4B50-B436-4DC4E6F1B361\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en/advisories/VDE-2022-029/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2022-029/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"product\": \"UWP 3.0 Monitoring Gateway and Controller\", \"vendor\": \"Carlo Gavazzi\", \"versions\": [{\"lessThan\": \"8.5.0.3\", \"status\": \"affected\", \"version\": \"8\", \"versionType\": \"custom\"}]}, {\"product\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 Security Enhanced\", \"vendor\": \"Carlo Gavazzi\", \"versions\": [{\"lessThan\": \"8.5.0.3\", \"status\": \"affected\", \"version\": \"8\", \"versionType\": \"custom\"}]}, {\"product\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 EDP version\", \"vendor\": \"Carlo Gavazzi\", \"versions\": [{\"lessThan\": \"8.5.0.3\", \"status\": \"affected\", \"version\": \"8\", \"versionType\": \"custom\"}]}, {\"product\": \"CPY Car Park Server\", \"vendor\": \"Carlo Gavazzi\", \"versions\": [{\"lessThan\": \"2.8.3\", \"status\": \"affected\", \"version\": \"2\", \"versionType\": \"custom\"}]}], \"credits\": [{\"lang\": \"en\", \"value\": \"Vera Mens from Claroty Research\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-78\", \"description\": \"CWE-78 OS Command Injection\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2022-09-28T13:45:32.000Z\", \"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\"}, \"references\": [{\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\"}], \"source\": {\"advisory\": \"VDE-2022-029\", \"discovery\": \"EXTERNAL\"}, \"title\": \"Possible command injection in Car Park Server in Carlo Gavazzi UWP3.0\", \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"info@cert.vde.com\", \"ID\": \"CVE-2022-28811\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Possible command injection in Car Park Server in Carlo Gavazzi UWP3.0\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"UWP 3.0 Monitoring Gateway and Controller\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_name\": \"8\", \"version_value\": \"8.5.0.3\"}]}}, {\"product_name\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 Security Enhanced\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_name\": \"8\", \"version_value\": \"8.5.0.3\"}]}}, {\"product_name\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 EDP version\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_name\": \"8\", \"version_value\": \"8.5.0.3\"}]}}, {\"product_name\": \"CPY Car Park Server\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_name\": \"2\", \"version_value\": \"2.8.3\"}]}}]}, \"vendor_name\": \"Carlo Gavazzi\"}]}}, \"credit\": [{\"lang\": \"eng\", \"value\": \"Vera Mens from Claroty Research\"}], \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.\"}]}, \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"impact\": {\"cvss\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-78 OS Command Injection\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"refsource\": \"CONFIRM\", \"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\"}]}, \"source\": {\"advisory\": \"VDE-2022-029\", \"discovery\": \"EXTERNAL\"}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:03:53.054Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-28811\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-21T14:34:00.547711Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-21T14:34:07.289Z\"}}]}",
"cveMetadata": "{\"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"assignerShortName\": \"CERTVDE\", \"cveId\": \"CVE-2022-28811\", \"datePublished\": \"2022-09-28T13:45:32.000Z\", \"dateReserved\": \"2022-04-08T00:00:00.000Z\", \"dateUpdated\": \"2025-05-21T14:34:10.950Z\", \"state\": \"PUBLISHED\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…