Arbitrary Command Execution Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server

Arbitrary Command Execution Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server

CVE-2022-22525 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function

Learn more about our Cis Benchmark Audit For Server Software.