Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-22523
PUBLISHED
More InfoOfficial Page
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
View Known Exploited Vulnerability (KEV) details
Published At-28 Sep, 2022 | 13:45
Updated At-21 May, 2025 | 14:37
Rejected At-
▼CVE Numbering Authority (CNA)
Carlo Gavazzi UWP 3.0 WebApp allows for authentication bypass

An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.

Affected Products
Vendor
Carlo Gavazzi
Product
UWP 3.0 Monitoring Gateway and Controller
Versions
Affected
  • From 8 before 8.5.0.3 (custom)
Vendor
Carlo Gavazzi
Product
UWP 3.0 Monitoring Gateway and Controller – Security Enhanced
Versions
Affected
  • From 8 before 8.5.0.3 (custom)
Vendor
Carlo Gavazzi
Product
UWP 3.0 Monitoring Gateway and Controller – EDP version
Versions
Affected
  • From 8 before 8.5.0.3 (custom)
Vendor
Carlo Gavazzi
Product
CPY Car Park Server
Versions
Affected
  • From 2 before 2.8.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287 Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287 Improper Authentication
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Vera Mens from Claroty Research
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/en/advisories/VDE-2022-029/
x_refsource_CONFIRM
Hyperlink: https://cert.vde.com/en/advisories/VDE-2022-029/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/en/advisories/VDE-2022-029/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://cert.vde.com/en/advisories/VDE-2022-029/
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found