CVE-2022-28813 : Security Advisory and Response

CVE-2022-28813 allows attackers to gain full database access through an SQL-injection vulnerability. Learn about the impact, affected systems, and mitigation steps.

A SQL-injection vulnerability in Car Park Server 3.0 allows attackers to gain full access to the database. Here's what you need to know about CVE-2022-28813.

Understanding CVE-2022-28813

This section provides insights into the nature and impact of CVE-2022-28813.

What is CVE-2022-28813?

CVE-2022-28813 is a SQL-injection vulnerability in Carlo Gavazzi UWP 3.0 and CPY Car Park Server that can be exploited by remote, unauthenticated attackers to access a temporary database.

The Impact of CVE-2022-28813

The vulnerability poses a high risk with a CVSS base score of 7.5, allowing attackers to access sensitive data stored in the database without authentication.

Technical Details of CVE-2022-28813

In this section, we delve into the technical specifics of CVE-2022-28813.

Vulnerability Description

The SQL-injection vulnerability in Car Park Server 3.0 grants attackers access to the volatile temporary database, compromising the device's current states.

Affected Systems and Versions

Carlo Gavazzi UWP 3.0 Monitoring Gateway and Controller versions earlier than 8.5.0.3 and CPY Car Park Server versions earlier than 2.8.3 are affected by this vulnerability.

Exploitation Mechanism

Remote, unauthenticated attackers exploit the SQL-injection vulnerability to gain unauthorized access to the database.

Mitigation and Prevention

Here are the measures to mitigate and prevent exploitation of CVE-2022-28813.

Immediate Steps to Take

- Update affected systems to versions 8.5.0.3 for Carlo Gavazzi UWP 3.0 and 2.8.3 for CPY Car Park Server.
- Monitor network traffic for any suspicious activity.
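To find which devices still need the update, the fixed versions above can be checked against an asset inventory. The script below is an added example, not vendor or advisory code; the inventory layout, host names and sample version strings are constructed assumptions.

```python
import re

# Fixed versions as stated in this advisory.
FIXED = {
    "UWP 3.0": (8, 5, 0, 3),
    "CPY Car Park Server": (2, 8, 3),
}

def parse_version(text):
    """Turn '8.4.9.12' into (8, 4, 9, 12); return None if not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def is_older(installed, fixed):
    """Numeric comparison after zero-padding, so 2.8 is treated as 2.8.0."""
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) < pad(fixed)

def triage(inventory):
    """Return (host, product, version, status) for every inventory row."""
    results = []
    for host, product, version in inventory:
        fixed = FIXED.get(product)
        parsed = parse_version(version)
        if fixed is None:
            status = "not-in-scope"
        elif parsed is None:
            status = "unknown-version"  # cannot be compared: review by hand
        elif is_older(parsed, fixed):
            status = "vulnerable"
        else:
            status = "patched"
        results.append((host, product, version, status))
    return results

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("gw-01", "UWP 3.0", "8.4.9.12"),
    ("gw-02", "UWP 3.0", "8.5.0.3"),
    ("park-01", "CPY Car Park Server", "2.8"),
    ("park-02", "CPY Car Park Server", "2.8.3"),
    ("park-03", "CPY Car Park Server", "v2.x-beta"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{:8} {:20} {:10} {}".format(*row))
```

Versions are compared as integer tuples rather than strings, so a release such as 8.10.0.0 is correctly treated as newer than 8.5.0.3.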

Long-Term Security Practices

- Implement secure coding practices to prevent SQL-injection vulnerabilities.
- Conduct regular security audits and vulnerability assessments.

Patching and Updates

Stay vigilant for security updates from Carlo Gavazzi and apply patches promptly to address known vulnerabilities.
