Vulnerabilities > CVE-2022-22525 - Unspecified vulnerability in Gavazziautomation products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

gavazziautomation

NVD

Published: 2022-09-28

Updated: 2024-11-21

Summary

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function

Vulnerable Configurations

Part	Description	Count
Application	Gavazziautomation Gavazziautomation CPY CAR Park Server *	1
OS	Gavazziautomation Gavazziautomation UWP 3.0 Monitoring Gateway AND Controller Firmware *	3
Hardware	Gavazziautomation Gavazziautomation UWP 3.0 Monitoring Gateway AND Controller -	3

References

https://cert.vde.com/en/advisories/VDE-2022-029/
https://cert.vde.com/en/advisories/VDE-2022-029/