cbcvebase.
CVE-2022-28815
published 2022-09-28

CVE-2022-28815: In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection…

PriorityP416low2.7CVSS 3.1
AVNACLPRHUINSUCLINAN
EPSS
0.43%
34.3th percentile
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service.

Affected

6 ranges
VendorProductVersion rangeFixed in
carlo_gavazzicpy_car_park_server>= 2 < 2.8.32.8.3
carlo_gavazziuwp_3.0_monitoring_gateway_and_controller>= 8 < 8.5.0.38.5.0.3
carlo_gavazziuwp_3.0_monitoring_gateway_and_controller_edp_version>= 8 < 8.5.0.38.5.0.3
carlo_gavazziuwp_3.0_monitoring_gateway_and_controller_security_enhanced>= 8 < 8.5.0.38.5.0.3
gavazziautomationcpy_car_park_server< 2.8.32.8.3
gavazziautomationuwp_3.0_monitoring_gateway_and_controller_firmware< 8.5.0.38.5.0.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.