← back
CVE-2022-22525

Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection

CVSS 7.2 HIGHEPSS 1.0%CWE-20
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Carlo Gavazzi · CPY Car Park ServerCarlo Gavazzi · UWP 3.0 Monitoring Gateway and ControllerCarlo Gavazzi · UWP 3.0 Monitoring Gateway and Controller – EDP versionCarlo Gavazzi · UWP 3.0 Monitoring Gateway and Controller – Security Enhanced

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert.vde.com/en/advisories/VDE-2022-029/