cbcvebase.
CVE-2022-22524
published 2022-09-28

CVE-2022-22524: In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection…

Priority: P263 | critical | 9.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
EPSS: 0.90% (55.3th percentile)
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3, an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| carlo_gavazzi | cpy_car_park_server | >= 2 < 2.8.3 | 2.8.3 |
| carlo_gavazzi | uwp_3.0_monitoring_gateway_and_controller | >= 8 < 8.5.0.3 | 8.5.0.3 |
| carlo_gavazzi | uwp_3.0_monitoring_gateway_and_controller_edp_version | >= 8 < 8.5.0.3 | 8.5.0.3 |
| carlo_gavazzi | uwp_3.0_monitoring_gateway_and_controller_security_enhanced | >= 8 < 8.5.0.3 | 8.5.0.3 |
| gavazziautomation | cpy_car_park_server | < 2.8.3 | 2.8.3 |
| gavazziautomation | uwp_3.0_monitoring_gateway_and_controller_firmware | < 8.5.0.3 | 8.5.0.3 |