CVE-2022-22525

EUVD-2022-27671
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CERTVDECNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
gavazziautomationcpy_car_park_server
𝑥
< 2.8.3
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmware
𝑥
< 8.5.0.3
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmware
𝑥
< 8.5.0.3
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmware
𝑥
< 8.5.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en/advisories/VDE-2022-029/
https://cert.vde.com/en/advisories/VDE-2022-029/