{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T10:28:56.890","vulnerabilities":[{"cve":{"id":"CVE-2022-28811","sourceIdentifier":"info@cert.vde.com","published":"2022-09-28T14:15:10.343","lastModified":"2024-11-21T06:57:58.700","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands."},{"lang":"es","value":"En Carlo Gavazzi UWP versión 3.0 en múltiples versiones y CPY Car Park Server en versión 2.8.3, un atacante remoto no autenticado, podría usar una comprobación de entrada inapropiada en un parámetro enviado por la API para ejecutar comandos arbitrarios del Sistema Operativo"}],"metrics":{"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.3","matchCriteriaId":"6E670508-7A94-4A01-9C2B-51E82D5A861F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.5.0.3","matchCriteriaId":"14B2D9AB-2D19-4AD6-A049-CDB6814CC8D0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"90DBF492-5F3A-4F53-ACFC-59F89470D632"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*","versionEndExcluding":"8.5.0.3","matchCriteriaId":"5BFC1445-995C-44F7-BE85-E0C1D462573E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*","matchCriteriaId":"C7900CB8-560F-4DD7-82B9-8226A8F5F5CC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*","versionEndExcluding":"8.5.0.3","matchCriteriaId":"F6584CB1-FA0B-468D-AA58-F2D2F33763AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*","matchCriteriaId":"B29F6465-3533-4B50-B436-4DC4E6F1B361"}]}]}],"references":[{"url":"https://cert.vde.com/en/advisories/VDE-2022-029/","source":"info@cert.vde.com","tags":["Third Party Advisory"]},{"url":"https://cert.vde.com/en/advisories/VDE-2022-029/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}