Carlo Gavazzi Cpy Car Park Server vulnerabilities
11 known vulnerabilities affecting carlo_gavazzi/cpy_car_park_server.
Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH3MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2022-28812P2CRITICALCVSS 9.8≥ 2, < 2.8.32022-09-28
CVE-2022-28812 [CRITICAL] CWE-798 CVE-2022-28812: In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unau
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.
nvd
CVE-2022-22522P2CRITICALCVSS 9.8≥ 2, < 2.8.32022-09-28
CVE-2022-22522 [CRITICAL] CWE-798 CVE-2022-22522: In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unau
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.
nvd
CVE-2022-22526P2CRITICALCVSS 9.8≥ 2, < 2.8.32022-09-28
CVE-2022-22526 [CRITICAL] CWE-306 CVE-2022-22526: In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing auth
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API.
nvd
CVE-2022-28811P2CRITICALCVSS 9.8≥ 2, < 2.8.32022-09-28
CVE-2022-28811 [CRITICAL] CWE-78 CVE-2022-28811: In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unau
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.
nvd
CVE-2022-22524P2CRITICALCVSS 9.4≥ 2, < 2.8.32022-09-28
CVE-2022-22524 [CRITICAL] CWE-89 CVE-2022-22524: In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthentic
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .
nvd
CVE-2022-28814P3CRITICALCVSS 9.8≥ 2, < 2.8.32022-09-28
CVE-2022-28814 [CRITICAL] CWE-23 CVE-2022-28814: Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to
Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.
nvd
CVE-2022-28813P3HIGHCVSS 7.5≥ 2, < 2.8.32022-09-28
CVE-2022-28813 [HIGH] CWE-89 CVE-2022-28813: In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unau
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device.
nvd
CVE-2022-22523P3HIGHCVSS 7.5≥ 2, < 2.8.32022-09-28
CVE-2022-22523 [HIGH] CWE-287 CVE-2022-22523: An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.
nvd
CVE-2022-22525P3HIGHCVSS 7.2≥ 2, < 2.8.32022-09-28
CVE-2022-22525 [HIGH] CWE-20 CVE-2022-22525: In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote atta
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function
nvd
CVE-2022-28816P4MEDIUMCVSS 6.1≥ 2, < 2.8.32022-09-28
CVE-2022-28816 [MEDIUM] CWE-79 CVE-2022-28816: In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Pr
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.
nvd
CVE-2022-28815P4LOWCVSS 2.7≥ 2, < 2.8.32022-09-28
CVE-2022-28815 [LOW] CWE-89 CVE-2022-28815: In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Pr
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service.
nvd