1. Home
  2. CVE Database
  3. CVE-2022-22523
HIGH · 7.5

CVE-2022-22523

An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context o...

Vulnerability Description

An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
GavazziautomationCpy Car Park Server< 2.8.3
GavazziautomationUwp 3.0 Monitoring Gateway And Controller Firmware< 8.5.0.3
GavazziautomationUwp 3.0 Monitoring Gateway And Controller-

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2022-22523?

CVE-2022-22523 is a vulnerability with a CVSS score of 7.5 (HIGH). An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context o...

How severe is CVE-2022-22523?

CVE-2022-22523 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-22523?

Check the references section above for vendor advisories and patch information. Affected products include: Gavazziautomation Cpy Car Park Server, Gavazziautomation Uwp 3.0 Monitoring Gateway And Controller Firmware, Gavazziautomation Uwp 3.0 Monitoring Gateway And Controller.