Unrated severity · NVD Advisory · Published Sep 28, 2022 · Updated May 21, 2025

SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access

CVE-2022-22524

Description

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unauthenticated SQL injection vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server allows full database access, user modification, and service disruption.

Vulnerability

The affected products are Carlo Gavazzi UWP3.0 (multiple versions) and CPY Car Park Server version 2.8.3. A SQL injection vulnerability exists in the embedded web interface, allowing an unauthenticated attacker to inject arbitrary SQL commands.

Exploitation

An unauthenticated remote attacker can exploit this by sending crafted HTTP requests to the affected devices. No authentication or user interaction is required.

Impact

Successful exploitation grants the attacker full access to the device's database. The attacker can read, modify, or delete data, create or modify users, and stop services, leading to a complete compromise of confidentiality, integrity, and availability.

Mitigation

As of the publication date (2022-09-28), no official patches have been released. Users should apply network segmentation and restrict access to the devices. The vendor has been notified; updates are expected. [1]

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • = 2.8.3 + 1 more
    • (no CPE) range: = 2.8.3
    • (no CPE) range: 2
  • Carlo Gavazzi/UWP 3.0 Monitoring Gateway and Controller · v5
    Range: 8
  • Carlo Gavazzi/UWP 3.0 Monitoring Gateway and Controller – EDP version · v5
    Range: 8
  • Carlo Gavazzi/UWP 3.0 Monitoring Gateway and Controller – Security Enhanced · v5
    Range: 8

Patches

0

No patches discovered yet.

References

1
