CVE-2022-28816 (GCVE-0-2022-28816)
Vulnerability from cvelistv5 – Published: 2022-09-28 13:45 – Updated: 2025-05-20 20:36
VLAI?
Summary
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Carlo Gavazzi | UWP 3.0 Monitoring Gateway and Controller |
Affected:
8 , < 8.5.0.3
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Vera Mens from Claroty Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T20:36:37.829229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T20:36:50.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UWP 3.0 Monitoring Gateway and Controller",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "8.5.0.3",
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
},
{
"product": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "8.5.0.3",
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
},
{
"product": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "8.5.0.3",
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
},
{
"product": "CPY Car Park Server",
"vendor": "Carlo Gavazzi",
"versions": [
{
"lessThan": "2.8.3",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens from Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-28T13:45:37.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
],
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
},
"title": "Reflected XSS in Carlo Gavazzi UWP 3.0",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2022-28816",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS in Carlo Gavazzi UWP 3.0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "CPY Car Park Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "Carlo Gavazzi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens from Claroty Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
]
},
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-28816",
"datePublished": "2022-09-28T13:45:37.000Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-05-20T20:36:50.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.8.3\", \"matchCriteriaId\": \"6E670508-7A94-4A01-9C2B-51E82D5A861F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.0.3\", \"matchCriteriaId\": \"14B2D9AB-2D19-4AD6-A049-CDB6814CC8D0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90DBF492-5F3A-4F53-ACFC-59F89470D632\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.0.3\", \"matchCriteriaId\": \"5BFC1445-995C-44F7-BE85-E0C1D462573E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*\", \"matchCriteriaId\": \"C7900CB8-560F-4DD7-82B9-8226A8F5F5CC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.0.3\", \"matchCriteriaId\": \"F6584CB1-FA0B-468D-AA58-F2D2F33763AA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*\", \"matchCriteriaId\": \"B29F6465-3533-4B50-B436-4DC4E6F1B361\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.\"}, {\"lang\": \"es\", \"value\": \"En Carlo Gavazzi UWP versi\\u00f3n 3.0 en m\\u00faltiples versiones y CPY Car Park Server en versi\\u00f3n 2.8.3, el Proxy Sentilo es propenso a un ataque de tipo XSS reflejado que solo afecta al servicio Sentilo\"}]",
"id": "CVE-2022-28816",
"lastModified": "2024-11-21T06:57:59.333",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
"published": "2022-09-28T14:15:10.743",
"references": "[{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-28816\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2022-09-28T14:15:10.743\",\"lastModified\":\"2024-11-21T06:57:59.333\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.\"},{\"lang\":\"es\",\"value\":\"En Carlo Gavazzi UWP versi\u00f3n 3.0 en m\u00faltiples versiones y CPY Car Park Server en versi\u00f3n 2.8.3, el Proxy Sentilo es propenso a un ataque de tipo XSS reflejado que solo afecta al servicio Sentilo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.8.3\",\"matchCriteriaId\":\"6E670508-7A94-4A01-9C2B-51E82D5A861F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.0.3\",\"matchCriteriaId\":\"14B2D9AB-2D19-4AD6-A049-CDB6814CC8D0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90DBF492-5F3A-4F53-ACFC-59F89470D632\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.0.3\",\"matchCriteriaId\":\"5BFC1445-995C-44F7-BE85-E0C1D462573E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*\",\"matchCriteriaId\":\"C7900CB8-560F-4DD7-82B9-8226A8F5F5CC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.0.3\",\"matchCriteriaId\":\"F6584CB1-FA0B-468D-AA58-F2D2F33763AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*\",\"matchCriteriaId\":\"B29F6465-3533-4B50-B436-4DC4E6F1B361\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en/advisories/VDE-2022-029/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2022-029/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:03:53.101Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-28816\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-20T20:36:37.829229Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-20T20:36:44.714Z\"}}], \"cna\": {\"title\": \"Reflected XSS in Carlo Gavazzi UWP 3.0\", \"source\": {\"advisory\": \"VDE-2022-029\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Vera Mens from Claroty Research\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Carlo Gavazzi\", \"product\": \"UWP 3.0 Monitoring Gateway and Controller\", \"versions\": [{\"status\": \"affected\", \"version\": \"8\", \"lessThan\": \"8.5.0.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Carlo Gavazzi\", \"product\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 Security Enhanced\", \"versions\": [{\"status\": \"affected\", \"version\": \"8\", \"lessThan\": \"8.5.0.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Carlo Gavazzi\", \"product\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 EDP version\", \"versions\": [{\"status\": \"affected\", \"version\": \"8\", \"lessThan\": \"8.5.0.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Carlo Gavazzi\", \"product\": \"CPY Car Park Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"2\", \"lessThan\": \"2.8.3\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Cross-site Scripting (XSS)\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2022-09-28T13:45:37.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Vera Mens from Claroty Research\"}], \"impact\": {\"cvss\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, \"source\": {\"advisory\": \"VDE-2022-029\", \"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_name\": \"8\", \"version_value\": \"8.5.0.3\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"UWP 3.0 Monitoring Gateway and Controller\"}, {\"version\": {\"version_data\": [{\"version_name\": \"8\", \"version_value\": \"8.5.0.3\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 Security Enhanced\"}, {\"version\": {\"version_data\": [{\"version_name\": \"8\", \"version_value\": \"8.5.0.3\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"UWP 3.0 Monitoring Gateway and Controller \\u2013 EDP version\"}, {\"version\": {\"version_data\": [{\"version_name\": \"2\", \"version_value\": \"2.8.3\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"CPY Car Park Server\"}]}, \"vendor_name\": \"Carlo Gavazzi\"}]}}, \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"name\": \"https://cert.vde.com/en/advisories/VDE-2022-029/\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-79 Cross-site Scripting (XSS)\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-28816\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Reflected XSS in Carlo Gavazzi UWP 3.0\", \"ASSIGNER\": \"info@cert.vde.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-28816\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-20T20:36:50.107Z\", \"dateReserved\": \"2022-04-08T00:00:00.000Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2022-09-28T13:45:37.000Z\", \"assignerShortName\": \"CERTVDE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…