CVE-2022-22525 HIGH

CVE-2022-22525: Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection

Vendor: Carlo Gavazzi
Product: UWP 3.0 Monitoring Gateway and Controller
Weakness: CWE-20 · Input validation
Published: September 28, 2022
Last update: May 21, 2025

CVSS base score

7.2/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3, a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function.

Key dates

02 Disclosure timeline

September 28, 2022: CVE published
May 21, 2025: Record updated