Описание
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.8.3 (исключая)
cpe:2.3:a:gavazziautomation:cpy_car_park_server:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 8.5.0.3 (исключая)
Одновременно
cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:*:*:*:*:*:*
Конфигурация 3Версия до 8.5.0.3 (исключая)
Одновременно
cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:edp:*:*:*:*:*
cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:edp:*:*:*:*:*
Конфигурация 4Версия до 8.5.0.3 (исключая)
Одновременно
cpe:2.3:o:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller_firmware:*:*:security_enhanced:*:*:*:*:*
cpe:2.3:h:gavazziautomation:uwp_3.0_monitoring_gateway_and_controller:-:*:security_enhanced:*:*:*:*:*
EPSS
Процентиль: 68%
0.00563
Низкий
7.5 High
CVSS3
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device.
EPSS
Процентиль: 68%
0.00563
Низкий
7.5 High
CVSS3
Дефекты
CWE-89
CWE-89