admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/22xxx/CVE-2022-22526.json
Jochen Becker 4cfd1550ea add 11 CVEs
2022-09-28 15:43:00 +02:00

130 lines
4.7 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2022-22526",
"STATE": "PUBLIC",
"TITLE": "Missing authentication for API in Carlo Gavazzi UWP 3.0 Car Park Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller Security Enhanced",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller EDP version",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "CPY Car Park Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "Carlo Gavazzi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens from Claroty Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
]
},
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
}
}
Reference in New Issue View Git Blame Copy Permalink