← volver
CVE-2022-22523

Carlo Gavazzi UWP 3.0 WebApp allows for authentication bypass

CVSS 7.5 HIGHEPSS 0.6%CWE-287
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
28 sep 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Carlo Gavazzi · CPY Car Park ServerCarlo Gavazzi · UWP 3.0 Monitoring Gateway and ControllerCarlo Gavazzi · UWP 3.0 Monitoring Gateway and Controller – EDP versionCarlo Gavazzi · UWP 3.0 Monitoring Gateway and Controller – Security Enhanced

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cert.vde.com/en/advisories/VDE-2022-029/