CVE-2022-28811
published 2022-09-28


Priority: P2 64
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.03% (59.3th percentile)

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.

Affected

6 ranges
Vendor | Product | Version range | Fixed in
carlo_gavazzi | cpy_car_park_server | >= 2 < 2.8.3 | 2.8.3
carlo_gavazzi | uwp_3.0_monitoring_gateway_and_controller | >= 8 < 8.5.0.3 | 8.5.0.3
carlo_gavazzi | uwp_3.0_monitoring_gateway_and_controller_edp_version | >= 8 < 8.5.0.3 | 8.5.0.3
carlo_gavazzi | uwp_3.0_monitoring_gateway_and_controller_security_enhanced | >= 8 < 8.5.0.3 | 8.5.0.3
gavazziautomation | cpy_car_park_server | < 2.8.3 | 2.8.3
gavazziautomation | uwp_3.0_monitoring_gateway_and_controller_firmware | < 8.5.0.3 | 8.5.0.3