CVE-2022-28816

Summary

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.

Affected Software

VendorProductVersion RangeStatus
Carlo GavazziUWP 3.0 Monitoring Gateway and Controller8 < 8.5.0.3affected
Carlo GavazziUWP 3.0 Monitoring Gateway and Controller – Security Enhanced8 < 8.5.0.3affected
Carlo GavazziUWP 3.0 Monitoring Gateway and Controller – EDP version8 < 8.5.0.3affected
Carlo GavazziCPY Car Park Server2 < 2.8.3affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References