CVE-2022-28814 (GCVE-0-2022-28814)
Vulnerability from cvelistv5 – Published: 2022-09-28 13:45 – Updated: 2025-05-20 20:35
VLAI?
Title
Path traversal in Carlo Gavazzi UWP 3.0 could lead to full device access
Summary
Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.
Severity ?
9.8 (Critical)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Carlo Gavazzi | UWP 3.0 Monitoring Gateway and Controller |
Affected:
8 , < 8.5.0.3
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Vera Mens from Claroty Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T20:35:33.774091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T20:35:41.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UWP 3.0 Monitoring Gateway and Controller",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "8.5.0.3",
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
},
{
"product": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "8.5.0.3",
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
},
{
"product": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "8.5.0.3",
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
},
{
"product": "CPY Car Park Server",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "2.8.3",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens from Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-28T13:45:35.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
],
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
},
"title": "Path traversal in Carlo Gavazzi UWP 3.0 could lead to full device access",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2022-28814",
"STATE": "PUBLIC",
"TITLE": "Path traversal in Carlo Gavazzi UWP 3.0 could lead to full device access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "CPY Car Park Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "Carlo Gavazzi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens from Claroty Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
]
},
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-28814",
"datePublished": "2022-09-28T13:45:35.000Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-05-20T20:35:41.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.8.3\", \"matchCriteriaId\": \"6E670508-7A94-4A01-9C2B-51E82D5A861F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.0.3\", \"matchCriteriaId\": \"14B2D9AB-2D19-4AD6-A049-CDB6814CC8D0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90DBF492-5F3A-4F53-ACFC-59F89470D632\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.0.3\", \"matchCriteriaId\": \"5BFC1445-995C-44F7-BE85-E0C1D462573E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*\", \"matchCriteriaId\": \"C7900CB8-560F-4DD7-82B9-8226A8F5F5CC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.0.3\", \"matchCriteriaId\": \"F6584CB1-FA0B-468D-AA58-F2D2F33763AA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*\", \"matchCriteriaId\": \"B29F6465-3533-4B50-B436-4DC4E6F1B361\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.\"}, {\"lang\": \"es\", \"value\": \"En Carlo Gavazzi UWP versi\\u00f3n 3.0 en m\\u00faltiples versiones y en CPY Car Park Server en versi\\u00f3n 2.8.3, Se ha detectado que era susceptible a una vulnerabilidad de salto de ruta relativo que permite a atacantes remotos leer archivos arbitrarios y obtener el control total del dispositivo\"}]",
"id": "CVE-2022-28814",
"lastModified": "2024-11-21T06:57:59.077",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2022-09-28T14:15:10.587",
"references": "[{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-23\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-28814\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2022-09-28T14:15:10.587\",\"lastModified\":\"2024-11-21T06:57:59.077\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.\"},{\"lang\":\"es\",\"value\":\"En Carlo Gavazzi UWP versi\u00f3n 3.0 en m\u00faltiples versiones y en CPY Car Park Server en versi\u00f3n 2.8.3, Se ha detectado que era susceptible a una vulnerabilidad de salto de ruta relativo que permite a atacantes remotos leer archivos arbitrarios y obtener el control total del dispositivo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-23\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.8.3\",\"matchCriteriaId\":\"6E670508-7A94-4A01-9C2B-51E82D5A861F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.0.3\",\"matchCriteriaId\":\"14B2D9AB-2D19-4AD6-A049-CDB6814CC8D0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90DBF492-5F3A-4F53-ACFC-59F89470D632\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.0.3\",\"matchCriteriaId\":\"5BFC1445-995C-44F7-BE85-E0C1D462573E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*\",\"matchCriteriaId\":\"C7900CB8-560F-4DD7-82B9-8226A8F5F5CC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.0.3\",\"matchCriteriaId\":\"F6584CB1-FA0B-468D-AA58-F2D2F33763AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*\",\"matchCriteriaId\":\"B29F6465-3533-4B50-B436-4DC4E6F1B361\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en/advisories/VDE-2022-029/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2022-029/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:03:53.143Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-28814\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-20T20:35:33.774091Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-20T20:35:38.224Z\"}}], \"cna\": {\"title\": \"Path traversal in Carlo Gavazzi UWP 3.0 could lead to full device access\", \"source\": {\"advisory\": \"VDE-2022-029\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Vera Mens from Claroty Research\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Carlo Gavazzi\", \"product\": \"UWP 3.0 Monitoring Gateway and Controller\", \"versions\": [{\"status\": \"affected\", \"version\": \"8\", \"lessThan\": \"8.5.0.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Carlo Gavazzi\", \"product\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 Security Enhanced\", \"versions\": [{\"status\": \"affected\", \"version\": \"8\", \"lessThan\": \"8.5.0.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Carlo Gavazzi\", \"product\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 EDP version\", \"versions\": [{\"status\": \"affected\", \"version\": \"8\", \"lessThan\": \"8.5.0.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Carlo Gavazzi\", \"product\": \"CPY Car Park Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"2\", \"lessThan\": \"2.8.3\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-23\", \"description\": \"CWE-23 Relative Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2022-09-28T13:45:35.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Vera Mens from Claroty Research\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"advisory\": \"VDE-2022-029\", \"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_name\": \"8\", \"version_value\": \"8.5.0.3\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"UWP 3.0 Monitoring Gateway and Controller\"}, {\"version\": {\"version_data\": [{\"version_name\": \"8\", \"version_value\": \"8.5.0.3\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 Security Enhanced\"}, {\"version\": {\"version_data\": [{\"version_name\": \"8\", \"version_value\": \"8.5.0.3\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 EDP version\"}, {\"version\": {\"version_data\": [{\"version_name\": \"2\", \"version_value\": \"2.8.3\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"CPY Car Park Server\"}]}, \"vendor_name\": \"Carlo Gavazzi\"}]}}, \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"name\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-23 Relative Path Traversal\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-28814\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Path traversal in Carlo Gavazzi UWP 3.0 could lead to full device access\", \"ASSIGNER\": \"info@cert.vde.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-28814\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-20T20:35:41.068Z\", \"dateReserved\": \"2022-04-08T00:00:00.000Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2022-09-28T13:45:35.000Z\", \"assignerShortName\": \"CERTVDE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…