VYPR

Car Park Server

by CPY

CVEs (7)

  • CVE-2022-28812CriSep 28, 2022
    risk 0.64cvss 9.8epss 0.01

    In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.

  • CVE-2022-28811CriSep 28, 2022
    risk 0.64cvss 9.8epss 0.01

    In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.

  • CVE-2022-22526CriSep 28, 2022
    risk 0.64cvss 9.8epss 0.01

    In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API.

  • CVE-2022-22524CriSep 28, 2022
    risk 0.61cvss 9.4epss 0.01

    In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .

  • CVE-2022-22525HigSep 28, 2022
    risk 0.47cvss 7.2epss 0.01

    In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function

  • CVE-2022-28816MedSep 28, 2022
    risk 0.40cvss 6.1epss 0.00

    In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.

  • CVE-2022-28815LowSep 28, 2022
    risk 0.18cvss 2.7epss 0.00

    In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service.