Path traversal in Carlo Gavazzi UWP 3.0 could lead to full device access
Description
Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 were discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A relative path traversal vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server v2.8.3 allows unauthenticated remote attackers to read arbitrary files and gain full device control.
Vulnerability
Carlo Gavazzi UWP3.0 (multiple versions) and CPY Car Park Server version 2.8.3 are affected by a relative path traversal vulnerability [1]. The flaw resides in the device's web interface, allowing an attacker to traverse directories outside the intended web root.
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending specially crafted HTTP requests containing path traversal sequences (e.g., ../) to read arbitrary files on the device [1]. No user interaction or special privileges are required.
Impact
Successful exploitation enables the attacker to read sensitive files, such as configuration files or credentials, potentially leading to full compromise of the device [1]. The advisory notes that an attacker can gain full access to the affected devices.
Mitigation
As of the publication date of the advisory (2022-09-26), no official fix has been released by Carlo Gavazzi [1]. Users are advised to restrict network access to the affected devices and monitor for updates from the vendor.
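Detection logic for the crafted requests described under Exploitation, added here as an example and not taken from the advisory or the vendor: it percent-decodes each request target from a web or reverse-proxy access log and flags paths or query values whose ../ segments climb above their starting directory. The combined log format and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (documentation IPs, made-up paths); not from a real device.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Sep/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.10 - - [26/Sep/2022:10:00:02 +0000] "GET /css/../img/logo.png HTTP/1.1" 200 2048
198.51.100.7 - - [26/Sep/2022:10:01:10 +0000] "GET /../../etc/passwd HTTP/1.1" 200 1843
198.51.100.7 - - [26/Sep/2022:10:01:11 +0000] "GET /files/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403 0
203.0.113.5 - - [26/Sep/2022:10:02:30 +0000] "GET /download?file=..%252f..%252fconfig.db HTTP/1.1" 200 9000
192.0.2.11 - - [26/Sep/2022:10:03:00 +0000] "GET /download?file=reports/2022/../summary.csv HTTP/1.1" 200 700
"""

LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so double-encoded separators (%252f) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def climbs_above_base(path):
    """True if '..' segments take the path above the directory it starts in."""
    depth = 0
    for segment in fully_decode(path).replace("\\", "/").split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False

def suspicious_requests(log_text):
    """Return (client, request target) for requests whose path or a query value escapes its base."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        parts = urlsplit(target)
        candidates = [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        if any(climbs_above_base(c) for c in candidates):
            hits.append((client, target))
    return hits
```

Requests that use ../ but stay inside their starting directory (the second and last sample lines) are not flagged, which keeps benign relative links out of the results.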
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: = 2.8.3
- (no CPE) range: 2
- Carlo Gavazzi/UWP 3.0 Monitoring Gateway and Controller v5 Range: 8
- Carlo Gavazzi/UWP 3.0 Monitoring Gateway and Controller – EDP version v5 Range: 8
- Carlo Gavazzi/UWP 3.0 Monitoring Gateway and Controller – Security Enhanced v5 Range: 8
Patches
No patches discovered yet.
References
- [1] cert.vde.com/en/advisories/VDE-2022-029/ (mitre, x_refsource_CONFIRM)