CVE-2022-28811

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.
References
Link Resource
https://cert.vde.com/en/advisories/VDE-2022-029/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*
cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*
cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*

History

30 Sep 2022, 02:10

Type Values Removed Values Added
CWE CWE-20 CWE-78
First Time Gavazziautomation uwp 3.0 Monitoring Gateway And Controller Firmware
Gavazziautomation cpy Car Park Server
Gavazziautomation uwp 3.0 Monitoring Gateway And Controller
Gavazziautomation
References (CONFIRM) https://cert.vde.com/en/advisories/VDE-2022-029/ - (CONFIRM) https://cert.vde.com/en/advisories/VDE-2022-029/ - Third Party Advisory
CPE cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*
cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*
cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*
cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*
cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*

28 Sep 2022, 14:50

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-28 14:15

Updated : 2023-12-10 14:35


NVD link : CVE-2022-28811

Mitre link : CVE-2022-28811

CVE.ORG link : CVE-2022-28811


JSON object : View

Products Affected

gavazziautomation

  • uwp_3.0_monitoring_gateway_and_controller
  • uwp_3.0_monitoring_gateway_and_controller_firmware
  • cpy_car_park_server
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')