admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-225xx/CVE-2022-22525.json
cad-safe-bot 5fc0b01395 Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00

172 lines
5.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-22525",
"sourceIdentifier": "info@cert.vde.com",
"published": "2022-09-28T14:15:10.187",
"lastModified": "2024-11-21T06:46:57.463",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function"
},
{
"lang": "es",
"value": "En Carlo Gavazzi UWP versi\u00f3n 3.0 en m\u00faltiples versiones y CPY Car Park Server en versi\u00f3n 2.8.3, un atacante remoto con derechos de administrador podr\u00eda ejecutar comandos arbitrarios debido a una falta de saneo de entrada en la funci\u00f3n backup restore"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.3",
"matchCriteriaId": "6E670508-7A94-4A01-9C2B-51E82D5A861F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.5.0.3",
"matchCriteriaId": "14B2D9AB-2D19-4AD6-A049-CDB6814CC8D0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90DBF492-5F3A-4F53-ACFC-59F89470D632"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*",
"versionEndExcluding": "8.5.0.3",
"matchCriteriaId": "5BFC1445-995C-44F7-BE85-E0C1D462573E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*",
"matchCriteriaId": "C7900CB8-560F-4DD7-82B9-8226A8F5F5CC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*",
"versionEndExcluding": "8.5.0.3",
"matchCriteriaId": "F6584CB1-FA0B-468D-AA58-F2D2F33763AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*",
"matchCriteriaId": "B29F6465-3533-4B50-B436-4DC4E6F1B361"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink