VDE-2022-029

Vulnerability from csaf_carlogavazziautomation - Published: 2022-09-26 08:00 - Updated: 2026-03-02 11:00
Summary
Carlo Gavazzi Controls: Multiple Vulnerabilities in Controller UWP 3.0
Notes
Summary: The UWP 3.0 family of Monitoring Gateways and Controllers and the CPY Car Park Server are affected by multiple vulnerabilities in their set-up software, runtime firmware, embedded Web interface.
Impact: An attacker can get full access to the affected devices. See the vulnerability descriptions for details.
General recommendations: Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside Use firewalls to protect and separate the control system network from other networks Use VPN (Virtual Private Networks) tunnels if remote access is required Activate and apply user management and password features Use encrypted communication links Limit the access to both set-up and control system by physical means, operating system features, etc. Protect the set-up and control system by using up to date virus detecting solutions
Remediation: Please update to software/firmware versions as described below: | Article Nr. | Product Name and Description | Fixed in version | |------------------|---------------------------------------------------------------|--------------------------| | UWP30RSEXXX | UWP 3.0 Monitoring Gateway and Controller | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXSE | UWP 3.0 Monitoring Gateway and Controller – Security Enhanced | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXEDP | UWP 3.0 Monitoring Gateway and Controller – EDP version | >= 8.5.0.3 (available from April 27th, 2022) | | SBP2CPY24 | CPY Car Park Server | >= 2.8.3 (available from June 28th, 2022) |
CVE-2022-22522

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-798 - Use of Hard-coded Credentials
Vendor Fix Please update to software/firmware versions as described below: | Article Nr. | Product Name and Description | Fixed in version | |------------------|---------------------------------------------------------------|--------------------------| | UWP30RSEXXX | UWP 3.0 Monitoring Gateway and Controller | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXSE | UWP 3.0 Monitoring Gateway and Controller – Security Enhanced | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXEDP | UWP 3.0 Monitoring Gateway and Controller – EDP version | >= 8.5.0.3 (available from April 27th, 2022) | | SBP2CPY24 | CPY Car Park Server | >= 2.8.3 (available from June 28th, 2022) |
CVE-2022-22526

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-306 - Missing Authentication for Critical Function
Vendor Fix Please update to software/firmware versions as described below: | Article Nr. | Product Name and Description | Fixed in version | |------------------|---------------------------------------------------------------|--------------------------| | UWP30RSEXXX | UWP 3.0 Monitoring Gateway and Controller | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXSE | UWP 3.0 Monitoring Gateway and Controller – Security Enhanced | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXEDP | UWP 3.0 Monitoring Gateway and Controller – EDP version | >= 8.5.0.3 (available from April 27th, 2022) | | SBP2CPY24 | CPY Car Park Server | >= 2.8.3 (available from June 28th, 2022) |
CVE-2022-28811

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Vendor Fix Please update to software/firmware versions as described below: | Article Nr. | Product Name and Description | Fixed in version | |------------------|---------------------------------------------------------------|--------------------------| | UWP30RSEXXX | UWP 3.0 Monitoring Gateway and Controller | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXSE | UWP 3.0 Monitoring Gateway and Controller – Security Enhanced | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXEDP | UWP 3.0 Monitoring Gateway and Controller – EDP version | >= 8.5.0.3 (available from April 27th, 2022) | | SBP2CPY24 | CPY Car Park Server | >= 2.8.3 (available from June 28th, 2022) |
CVE-2022-28812

n Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-798 - Use of Hard-coded Credentials
Vendor Fix Please update to software/firmware versions as described below: | Article Nr. | Product Name and Description | Fixed in version | |------------------|---------------------------------------------------------------|--------------------------| | UWP30RSEXXX | UWP 3.0 Monitoring Gateway and Controller | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXSE | UWP 3.0 Monitoring Gateway and Controller – Security Enhanced | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXEDP | UWP 3.0 Monitoring Gateway and Controller – EDP version | >= 8.5.0.3 (available from April 27th, 2022) | | SBP2CPY24 | CPY Car Park Server | >= 2.8.3 (available from June 28th, 2022) |
CVE-2022-28814

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in multiple versions was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-23 - Relative Path Traversal
Vendor Fix Please update to software/firmware versions as described below: | Article Nr. | Product Name and Description | Fixed in version | |------------------|---------------------------------------------------------------|--------------------------| | UWP30RSEXXX | UWP 3.0 Monitoring Gateway and Controller | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXSE | UWP 3.0 Monitoring Gateway and Controller – Security Enhanced | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXEDP | UWP 3.0 Monitoring Gateway and Controller – EDP version | >= 8.5.0.3 (available from April 27th, 2022) | | SBP2CPY24 | CPY Car Park Server | >= 2.8.3 (available from June 28th, 2022) |
CVE-2022-22524

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vendor Fix Please update to software/firmware versions as described below: | Article Nr. | Product Name and Description | Fixed in version | |------------------|---------------------------------------------------------------|--------------------------| | UWP30RSEXXX | UWP 3.0 Monitoring Gateway and Controller | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXSE | UWP 3.0 Monitoring Gateway and Controller – Security Enhanced | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXEDP | UWP 3.0 Monitoring Gateway and Controller – EDP version | >= 8.5.0.3 (available from April 27th, 2022) | | SBP2CPY24 | CPY Car Park Server | >= 2.8.3 (available from June 28th, 2022) |
CVE-2022-22523

An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287 - Improper Authentication
Vendor Fix Please update to software/firmware versions as described below: | Article Nr. | Product Name and Description | Fixed in version | |------------------|---------------------------------------------------------------|--------------------------| | UWP30RSEXXX | UWP 3.0 Monitoring Gateway and Controller | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXSE | UWP 3.0 Monitoring Gateway and Controller – Security Enhanced | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXEDP | UWP 3.0 Monitoring Gateway and Controller – EDP version | >= 8.5.0.3 (available from April 27th, 2022) | | SBP2CPY24 | CPY Car Park Server | >= 2.8.3 (available from June 28th, 2022) |
CVE-2022-28813

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vendor Fix Please update to software/firmware versions as described below: | Article Nr. | Product Name and Description | Fixed in version | |------------------|---------------------------------------------------------------|--------------------------| | UWP30RSEXXX | UWP 3.0 Monitoring Gateway and Controller | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXSE | UWP 3.0 Monitoring Gateway and Controller – Security Enhanced | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXEDP | UWP 3.0 Monitoring Gateway and Controller – EDP version | >= 8.5.0.3 (available from April 27th, 2022) | | SBP2CPY24 | CPY Car Park Server | >= 2.8.3 (available from June 28th, 2022) |
CVE-2022-22525

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-20 - Improper Input Validation
Vendor Fix Please update to software/firmware versions as described below: | Article Nr. | Product Name and Description | Fixed in version | |------------------|---------------------------------------------------------------|--------------------------| | UWP30RSEXXX | UWP 3.0 Monitoring Gateway and Controller | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXSE | UWP 3.0 Monitoring Gateway and Controller – Security Enhanced | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXEDP | UWP 3.0 Monitoring Gateway and Controller – EDP version | >= 8.5.0.3 (available from April 27th, 2022) | | SBP2CPY24 | CPY Car Park Server | >= 2.8.3 (available from June 28th, 2022) |
CVE-2022-28816

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vendor Fix Please update to software/firmware versions as described below: | Article Nr. | Product Name and Description | Fixed in version | |------------------|---------------------------------------------------------------|--------------------------| | UWP30RSEXXX | UWP 3.0 Monitoring Gateway and Controller | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXSE | UWP 3.0 Monitoring Gateway and Controller – Security Enhanced | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXEDP | UWP 3.0 Monitoring Gateway and Controller – EDP version | >= 8.5.0.3 (available from April 27th, 2022) | | SBP2CPY24 | CPY Car Park Server | >= 2.8.3 (available from June 28th, 2022) |
CVE-2022-28815

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vendor Fix Please update to software/firmware versions as described below: | Article Nr. | Product Name and Description | Fixed in version | |------------------|---------------------------------------------------------------|--------------------------| | UWP30RSEXXX | UWP 3.0 Monitoring Gateway and Controller | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXSE | UWP 3.0 Monitoring Gateway and Controller – Security Enhanced | >= 8.5.0.3 (available from April 27th, 2022) | | UWP30RSEXXXEDP | UWP 3.0 Monitoring Gateway and Controller – EDP version | >= 8.5.0.3 (available from April 27th, 2022) | | SBP2CPY24 | CPY Car Park Server | >= 2.8.3 (available from June 28th, 2022) |
References
Acknowledgments
CERT@VDE
Claroty Research Vera Mens
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination and support with this publication"
      },
      {
        "names": [
          "Vera Mens"
        ],
        "organization": "Claroty Research",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "\nThe UWP 3.0 family of Monitoring Gateways and Controllers and the CPY Car Park Server are affected by multiple vulnerabilities in their set-up software, runtime firmware, embedded Web interface.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An attacker can get full access to the affected devices. See the vulnerability descriptions for details.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside\nUse firewalls to protect and separate the control system network from other networks\nUse VPN (Virtual Private Networks) tunnels if remote access is required\nActivate and apply user management and password features\nUse encrypted communication links\nLimit the access to both set-up and control system by physical means, operating system features, etc.\nProtect the set-up and control system by using up to date virus detecting solutions",
        "title": "General recommendations"
      },
      {
        "category": "description",
        "text": "Please update to software/firmware versions as described below:\n| Article Nr.      | Product Name and Description                                  | Fixed in version         |\n|------------------|---------------------------------------------------------------|--------------------------|\n| UWP30RSEXXX      | UWP 3.0 Monitoring Gateway and Controller                     | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXSE    | UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced  | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXEDP   | UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version        | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| SBP2CPY24        | CPY Car Park Server                                           | \u003e= 2.8.3 (available from June 28th, 2022)    |\n",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "cybersecurity.cgc@gavazziacbu.it",
      "name": "Carlo Gavazzi Automation",
      "namespace": "https://www.gavazziautomation.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2022-029: Carlo Gavazzi Controls: Multiple Vulnerabilities in Controller UWP 3.0 - HTML",
        "url": "https://certvde.com/de/advisories/VDE-2022-029/"
      },
      {
        "summary": "CERT@VDE Security Advisories for Carlo Gavazzi Controls SpA",
        "url": "https://certvde.com/de/advisories/vendor/gavazzi-controls/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-029: Carlo Gavazzi Controls: Multiple Vulnerabilities in Controller UWP 3.0 - CSAF",
        "url": "https://gavazziautomation.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-029.json"
      }
    ],
    "title": "Carlo Gavazzi Controls: Multiple Vulnerabilities in Controller UWP 3.0",
    "tracking": {
      "aliases": [
        "VDE-2022-029"
      ],
      "current_release_date": "2026-03-02T11:00:00.000Z",
      "generator": {
        "date": "2025-04-14T07:43:06.985Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.23"
        }
      },
      "id": "VDE-2022-029",
      "initial_release_date": "2022-09-26T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2022-09-26T08:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision."
        },
        {
          "date": "2024-11-06T11:27:01.000Z",
          "number": "2.0.0",
          "summary": "Fix: added self-reference"
        },
        {
          "date": "2025-04-11T07:00:00.000Z",
          "number": "3.0.0",
          "summary": "Fix: version range, remove Issuing authority"
        },
        {
          "date": "2025-05-14T13:00:15.000Z",
          "number": "4.0.0",
          "summary": "Fix: added distribution"
        },
        {
          "date": "2026-03-02T11:00:00.000Z",
          "number": "5.0.0",
          "summary": "Fixed publisher name and switched to semver versioning"
        }
      ],
      "status": "final",
      "version": "5.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c2.8.3",
                    "product": {
                      "name": "Software CPY Car Park Server \u003c2.8.3",
                      "product_id": "CSAFPID-51001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "2.8.3",
                    "product": {
                      "name": "Software CPY Car Park Server 2.8.3",
                      "product_id": "CSAFPID-52001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CPY Car Park Server"
              }
            ],
            "category": "product_family",
            "name": "Software"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "UWP 3.0 Monitoring Gateway and Controller",
                "product": {
                  "name": "Hardware UWP 3.0 Monitoring Gateway and Controller",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "UWP30RSEXXX"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
                "product": {
                  "name": "Hardware UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "UWP30RSEXXXSE"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
                "product": {
                  "name": "Hardware UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "UWP30RSEXXXEDP"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.5.0.3",
                "product": {
                  "name": "Firmware \u003c8.5.0.3",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.0.3",
                "product": {
                  "name": "Firmware 8.5.0.3",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Carlo Gavazzi Controls"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-51001"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-52001"
        ]
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c8.5.0.3 installed on Hardware UWP 3.0 Monitoring Gateway and Controller",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c8.5.0.3 installed on Hardware UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c8.5.0.3 installed on Hardware UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.5.0.3 installed on Hardware UWP 3.0 Monitoring Gateway and Controller",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.5.0.3 installed on Hardware UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.5.0.3 installed on Hardware UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-22522",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "description",
          "text": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Please update to software/firmware versions as described below:\n| Article Nr.      | Product Name and Description                                  | Fixed in version         |\n|------------------|---------------------------------------------------------------|--------------------------|\n| UWP30RSEXXX      | UWP 3.0 Monitoring Gateway and Controller                     | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXSE    | UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced  | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXEDP   | UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version        | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| SBP2CPY24        | CPY Car Park Server                                           | \u003e= 2.8.3 (available from June 28th, 2022)    |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2022-22522"
    },
    {
      "cve": "CVE-2022-22526",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "description",
          "text": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Please update to software/firmware versions as described below:\n| Article Nr.      | Product Name and Description                                  | Fixed in version         |\n|------------------|---------------------------------------------------------------|--------------------------|\n| UWP30RSEXXX      | UWP 3.0 Monitoring Gateway and Controller                     | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXSE    | UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced  | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXEDP   | UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version        | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| SBP2CPY24        | CPY Car Park Server                                           | \u003e= 2.8.3 (available from June 28th, 2022)    |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2022-22526"
    },
    {
      "cve": "CVE-2022-28811",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Please update to software/firmware versions as described below:\n| Article Nr.      | Product Name and Description                                  | Fixed in version         |\n|------------------|---------------------------------------------------------------|--------------------------|\n| UWP30RSEXXX      | UWP 3.0 Monitoring Gateway and Controller                     | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXSE    | UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced  | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXEDP   | UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version        | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| SBP2CPY24        | CPY Car Park Server                                           | \u003e= 2.8.3 (available from June 28th, 2022)    |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2022-28811"
    },
    {
      "cve": "CVE-2022-28812",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "description",
          "text": "n Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Please update to software/firmware versions as described below:\n| Article Nr.      | Product Name and Description                                  | Fixed in version         |\n|------------------|---------------------------------------------------------------|--------------------------|\n| UWP30RSEXXX      | UWP 3.0 Monitoring Gateway and Controller                     | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXSE    | UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced  | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXEDP   | UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version        | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| SBP2CPY24        | CPY Car Park Server                                           | \u003e= 2.8.3 (available from June 28th, 2022)    |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2022-28812"
    },
    {
      "cve": "CVE-2022-28814",
      "cwe": {
        "id": "CWE-23",
        "name": "Relative Path Traversal"
      },
      "notes": [
        {
          "category": "description",
          "text": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in multiple versions was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Please update to software/firmware versions as described below:\n| Article Nr.      | Product Name and Description                                  | Fixed in version         |\n|------------------|---------------------------------------------------------------|--------------------------|\n| UWP30RSEXXX      | UWP 3.0 Monitoring Gateway and Controller                     | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXSE    | UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced  | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXEDP   | UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version        | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| SBP2CPY24        | CPY Car Park Server                                           | \u003e= 2.8.3 (available from June 28th, 2022)    |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2022-28814"
    },
    {
      "cve": "CVE-2022-22524",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Please update to software/firmware versions as described below:\n| Article Nr.      | Product Name and Description                                  | Fixed in version         |\n|------------------|---------------------------------------------------------------|--------------------------|\n| UWP30RSEXXX      | UWP 3.0 Monitoring Gateway and Controller                     | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXSE    | UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced  | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXEDP   | UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version        | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| SBP2CPY24        | CPY Car Park Server                                           | \u003e= 2.8.3 (available from June 28th, 2022)    |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2022-22524"
    },
    {
      "cve": "CVE-2022-22523",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "description",
          "text": "An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Please update to software/firmware versions as described below:\n| Article Nr.      | Product Name and Description                                  | Fixed in version         |\n|------------------|---------------------------------------------------------------|--------------------------|\n| UWP30RSEXXX      | UWP 3.0 Monitoring Gateway and Controller                     | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXSE    | UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced  | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXEDP   | UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version        | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| SBP2CPY24        | CPY Car Park Server                                           | \u003e= 2.8.3 (available from June 28th, 2022)    |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2022-22523"
    },
    {
      "cve": "CVE-2022-28813",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Please update to software/firmware versions as described below:\n| Article Nr.      | Product Name and Description                                  | Fixed in version         |\n|------------------|---------------------------------------------------------------|--------------------------|\n| UWP30RSEXXX      | UWP 3.0 Monitoring Gateway and Controller                     | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXSE    | UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced  | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXEDP   | UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version        | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| SBP2CPY24        | CPY Car Park Server                                           | \u003e= 2.8.3 (available from June 28th, 2022)    |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2022-28813"
    },
    {
      "cve": "CVE-2022-22525",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Please update to software/firmware versions as described below:\n| Article Nr.      | Product Name and Description                                  | Fixed in version         |\n|------------------|---------------------------------------------------------------|--------------------------|\n| UWP30RSEXXX      | UWP 3.0 Monitoring Gateway and Controller                     | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXSE    | UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced  | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXEDP   | UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version        | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| SBP2CPY24        | CPY Car Park Server                                           | \u003e= 2.8.3 (available from June 28th, 2022)    |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2022-22525"
    },
    {
      "cve": "CVE-2022-28816",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Please update to software/firmware versions as described below:\n| Article Nr.      | Product Name and Description                                  | Fixed in version         |\n|------------------|---------------------------------------------------------------|--------------------------|\n| UWP30RSEXXX      | UWP 3.0 Monitoring Gateway and Controller                     | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXSE    | UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced  | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXEDP   | UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version        | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| SBP2CPY24        | CPY Car Park Server                                           | \u003e= 2.8.3 (available from June 28th, 2022)    |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2022-28816"
    },
    {
      "cve": "CVE-2022-28815",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Please update to software/firmware versions as described below:\n| Article Nr.      | Product Name and Description                                  | Fixed in version         |\n|------------------|---------------------------------------------------------------|--------------------------|\n| UWP30RSEXXX      | UWP 3.0 Monitoring Gateway and Controller                     | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXSE    | UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced  | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| UWP30RSEXXXEDP   | UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version        | \u003e= 8.5.0.3 (available from April 27th, 2022) |\n| SBP2CPY24        | CPY Car Park Server                                           | \u003e= 2.8.3 (available from June 28th, 2022)    |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2022-28815"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.