CVE-2022-22525 - Vulnerability Details - OpenCVE

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Gavazziautomation	Cpy Car Park Server Uwp 3.0 Monitoring Gateway And Controller Uwp 3.0 Monitoring Gateway And Controller Firmware

Configuration 1 [-]

cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*

cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*

cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2022-029/

History

Wed, 21 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-09-28T13:45:30.000Z

Updated: 2025-05-21T14:36:52.620Z

Reserved: 2022-01-03T00:00:00.000Z

Link: CVE-2022-22525

Vulnrichment

Updated: 2024-08-03T03:14:55.414Z

NVD

Status : Modified

Published: 2022-09-28T14:15:10.187

Modified: 2024-11-21T06:46:57.463

Link: CVE-2022-22525

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "UWP 3.0 Monitoring Gateway and Controller", "vendor": "Carlo Gavazzi", "versions": [{"lessThan": "8.5.0.3", "status": "affected", "version": "8", "versionType": "custom"}]}, {"product": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced", "vendor": "Carlo Gavazzi", "versions": [{"lessThan": "8.5.0.3", "status": "affected", "version": "8", "versionType": "custom"}]}, {"product": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version", "vendor": "Carlo Gavazzi", "versions": [{"lessThan": "8.5.0.3", "status": "affected", "version": "8", "versionType": "custom"}]}, {"product": "CPY Car Park Server", "vendor": "Carlo Gavazzi", "versions": [{"lessThan": "2.8.3", "status": "affected", "version": "2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vera Mens from Claroty Research"}], "descriptions": [{"lang": "en", "value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-28T13:45:30.000Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en/advisories/VDE-2022-029/"}], "source": {"advisory": "VDE-2022-029", "discovery": "EXTERNAL"}, "title": "Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2022-22525", "STATE": "PUBLIC", "TITLE": "Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "UWP 3.0 Monitoring Gateway and Controller", "version": {"version_data": [{"version_affected": "<", "version_name": "8", "version_value": "8.5.0.3"}]}}, {"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced", "version": {"version_data": [{"version_affected": "<", "version_name": "8", "version_value": "8.5.0.3"}]}}, {"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version", "version": {"version_data": [{"version_affected": "<", "version_name": "8", "version_value": "8.5.0.3"}]}}, {"product_name": "CPY Car Park Server", "version": {"version_data": [{"version_affected": "<", "version_name": "2", "version_value": "2.8.3"}]}}]}, "vendor_name": "Carlo Gavazzi"}]}}, "credit": [{"lang": "eng", "value": "Vera Mens from Claroty Research"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en/advisories/VDE-2022-029/", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2022-029/"}]}, "source": {"advisory": "VDE-2022-029", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:14:55.414Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en/advisories/VDE-2022-029/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-21T14:36:46.092109Z", "id": "CVE-2022-22525", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T14:36:52.620Z"}}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-22525", "datePublished": "2022-09-28T13:45:30.000Z", "dateReserved": "2022-01-03T00:00:00.000Z", "dateUpdated": "2025-05-21T14:36:52.620Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "UWP 3.0 Monitoring Gateway and Controller", "vendor": "Carlo Gavazzi", "versions": [{"lessThan": "8.5.0.3", "status": "affected", "version": "8", "versionType": "custom"}]}, {"product": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced", "vendor": "Carlo Gavazzi", "versions": [{"lessThan": "8.5.0.3", "status": "affected", "version": "8", "versionType": "custom"}]}, {"product": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version", "vendor": "Carlo Gavazzi", "versions": [{"lessThan": "8.5.0.3", "status": "affected", "version": "8", "versionType": "custom"}]}, {"product": "CPY Car Park Server", "vendor": "Carlo Gavazzi", "versions": [{"lessThan": "2.8.3", "status": "affected", "version": "2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vera Mens from Claroty Research"}], "descriptions": [{"lang": "en", "value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-28T13:45:30.000Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en/advisories/VDE-2022-029/"}], "source": {"advisory": "VDE-2022-029", "discovery": "EXTERNAL"}, "title": "Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2022-22525", "STATE": "PUBLIC", "TITLE": "Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "UWP 3.0 Monitoring Gateway and Controller", "version": {"version_data": [{"version_affected": "<", "version_name": "8", "version_value": "8.5.0.3"}]}}, {"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced", "version": {"version_data": [{"version_affected": "<", "version_name": "8", "version_value": "8.5.0.3"}]}}, {"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version", "version": {"version_data": [{"version_affected": "<", "version_name": "8", "version_value": "8.5.0.3"}]}}, {"product_name": "CPY Car Park Server", "version": {"version_data": [{"version_affected": "<", "version_name": "2", "version_value": "2.8.3"}]}}]}, "vendor_name": "Carlo Gavazzi"}]}}, "credit": [{"lang": "eng", "value": "Vera Mens from Claroty Research"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en/advisories/VDE-2022-029/", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2022-029/"}]}, "source": {"advisory": "VDE-2022-029", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:14:55.414Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en/advisories/VDE-2022-029/"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-22525", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-21T14:36:46.092109Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T14:36:49.645Z"}}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-22525", "datePublished": "2022-09-28T13:45:30.000Z", "dateReserved": "2022-01-03T00:00:00.000Z", "dateUpdated": "2025-05-21T14:36:52.620Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E670508-7A94-4A01-9C2B-51E82D5A861F", "versionEndExcluding": "2.8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "14B2D9AB-2D19-4AD6-A049-CDB6814CC8D0", "versionEndExcluding": "8.5.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "90DBF492-5F3A-4F53-ACFC-59F89470D632", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*", "matchCriteriaId": "5BFC1445-995C-44F7-BE85-E0C1D462573E", "versionEndExcluding": "8.5.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*", "matchCriteriaId": "C7900CB8-560F-4DD7-82B9-8226A8F5F5CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*", "matchCriteriaId": "F6584CB1-FA0B-468D-AA58-F2D2F33763AA", "versionEndExcluding": "8.5.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*", "matchCriteriaId": "B29F6465-3533-4B50-B436-4DC4E6F1B361", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function"}, {"lang": "es", "value": "En Carlo Gavazzi UWP versi\u00f3n 3.0 en m\u00faltiples versiones y CPY Car Park Server en versi\u00f3n 2.8.3, un atacante remoto con derechos de administrador podr\u00eda ejecutar comandos arbitrarios debido a una falta de saneo de entrada en la funci\u00f3n backup restore"}], "id": "CVE-2022-22525", "lastModified": "2024-11-21T06:46:57.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2022-09-28T14:15:10.187", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2022-029/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2022-029/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "[email protected]", "type": "Secondary"}]}