{"containers":{"cna":{"affected":[{"product":"UWP 3.0 Monitoring Gateway and Controller","vendor":"Carlo Gavazzi","versions":[{"lessThan":"8.5.0.3","status":"affected","version":"8","versionType":"custom"}]},{"product":"UWP 3.0 Monitoring Gateway and Controller – Security Enhanced","vendor":"Carlo Gavazzi","versions":[{"lessThan":"8.5.0.3","status":"affected","version":"8","versionType":"custom"}]},{"product":"UWP 3.0 Monitoring Gateway and Controller – EDP version","vendor":"Carlo Gavazzi","versions":[{"lessThan":"8.5.0.3","status":"affected","version":"8","versionType":"custom"}]},{"product":"CPY Car Park Server","vendor":"Carlo Gavazzi","versions":[{"lessThan":"2.8.3","status":"affected","version":"2","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Vera Mens from Claroty Research"}],"descriptions":[{"lang":"en","value":"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-09-28T13:45:30.000Z","orgId":"270ccfa6-a436-4e77-922e-914ec3a9685c","shortName":"CERTVDE"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://cert.vde.com/en/advisories/VDE-2022-029/"}],"source":{"advisory":"VDE-2022-029","discovery":"EXTERNAL"},"title":"Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"info@cert.vde.com","ID":"CVE-2022-22525","STATE":"PUBLIC","TITLE":"Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"UWP 3.0 Monitoring Gateway and Controller","version":{"version_data":[{"version_affected":"<","version_name":"8","version_value":"8.5.0.3"}]}},{"product_name":"UWP 3.0 Monitoring Gateway and Controller – Security Enhanced","version":{"version_data":[{"version_affected":"<","version_name":"8","version_value":"8.5.0.3"}]}},{"product_name":"UWP 3.0 Monitoring Gateway and Controller – EDP version","version":{"version_data":[{"version_affected":"<","version_name":"8","version_value":"8.5.0.3"}]}},{"product_name":"CPY Car Park Server","version":{"version_data":[{"version_affected":"<","version_name":"2","version_value":"2.8.3"}]}}]},"vendor_name":"Carlo Gavazzi"}]}},"credit":[{"lang":"eng","value":"Vera Mens from Claroty Research"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function"}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20 Improper Input Validation"}]}]},"references":{"reference_data":[{"name":"https://cert.vde.com/en/advisories/VDE-2022-029/","refsource":"CONFIRM","url":"https://cert.vde.com/en/advisories/VDE-2022-029/"}]},"source":{"advisory":"VDE-2022-029","discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T03:14:55.414Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://cert.vde.com/en/advisories/VDE-2022-029/"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-21T14:36:46.092109Z","id":"CVE-2022-22525","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-21T14:36:52.620Z"}}]},"cveMetadata":{"assignerOrgId":"270ccfa6-a436-4e77-922e-914ec3a9685c","assignerShortName":"CERTVDE","cveId":"CVE-2022-22525","datePublished":"2022-09-28T13:45:30.000Z","dateReserved":"2022-01-03T00:00:00.000Z","dateUpdated":"2025-05-21T14:36:52.620Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}