CVE-2022-28814
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: info@cert.vde.com (Secondary)
Description
Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.
Affected (4)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.8.3 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.5.0.3 |
| Running on/with | Platform Versions |
|---|---|
Gavazziautomation Uwp 3.0 Monitoring Gateway And Controller | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.5.0.3 |
| Running on/with | Platform Versions |
|---|---|
Gavazziautomation Uwp 3.0 Monitoring Gateway And Controller | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.5.0.3 |
| Running on/with | Platform Versions |
|---|---|
Gavazziautomation Uwp 3.0 Monitoring Gateway And Controller | All versions |
Related CWEs
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-23
Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.