CVE-2022-28813

Summary

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device.

Affected Software

VendorProductVersion RangeStatus
Carlo GavazziUWP 3.0 Monitoring Gateway and Controller8 < 8.5.0.3affected
Carlo GavazziUWP 3.0 Monitoring Gateway and Controller – Security Enhanced8 < 8.5.0.3affected
Carlo GavazziUWP 3.0 Monitoring Gateway and Controller – EDP version8 < 8.5.0.3affected
Carlo GavazziCPY Car Park Server2 < 2.8.3affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References