← volver
CVE-2022-22525

Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection

CVSS 7.2 HIGHEPSS 1.0%CWE-20
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Carlo Gavazzi · CPY Car Park ServerCarlo Gavazzi · UWP 3.0 Monitoring Gateway and ControllerCarlo Gavazzi · UWP 3.0 Monitoring Gateway and Controller – EDP versionCarlo Gavazzi · UWP 3.0 Monitoring Gateway and Controller – Security Enhanced

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cert.vde.com/en/advisories/VDE-2022-029/