Vulnerabilities > CVE-2022-28815 - Unspecified vulnerability in Gavazziautomation products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

gavazziautomation

NVD

Published: 2022-09-28

Updated: 2024-11-21

Summary

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service.

Vulnerable Configurations

Part	Description	Count
Application	Gavazziautomation Gavazziautomation CPY CAR Park Server *	1
OS	Gavazziautomation Gavazziautomation UWP 3.0 Monitoring Gateway AND Controller Firmware *	3
Hardware	Gavazziautomation Gavazziautomation UWP 3.0 Monitoring Gateway AND Controller -	3

References

https://cert.vde.com/en/advisories/VDE-2022-029/
https://cert.vde.com/en/advisories/VDE-2022-029/