CVE-2022-28812
published 2022-09-28

Priority: P2 | 71 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.85% (53.5th percentile)

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| carlo_gavazzi | cpy_car_park_server | >= 2 < 2.8.3 | 2.8.3 |
| carlo_gavazzi | uwp_3.0_monitoring_gateway_and_controller | >= 8 < 8.5.0.3 | 8.5.0.3 |
| carlo_gavazzi | uwp_3.0_monitoring_gateway_and_controller_edp_version | >= 8 < 8.5.0.3 | 8.5.0.3 |
| carlo_gavazzi | uwp_3.0_monitoring_gateway_and_controller_security_enhanced | >= 8 < 8.5.0.3 | 8.5.0.3 |
| gavazziautomation | cpy_car_park_server | < 2.8.3 | 2.8.3 |
| gavazziautomation | uwp_3.0_monitoring_gateway_and_controller_firmware | < 8.5.0.3 | 8.5.0.3 |