{"cve":{"cve_id":"CVE-2022-22525","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.0097,"epss_percentile":0.57299,"epss_as_of":"2026-06-23","description":"In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function","published_at":"2022-09-28T13:45:30Z","last_modified_at":null,"cvss_v3_score":7.2,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-20"],"nvd_references":["https://cert.vde.com/en/advisories/VDE-2022-029/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:17:00.636257Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"carlo-gavazzi","vendor_name":"Carlo Gavazzi","product_slug":"cpy-car-park-server","product_name":"CPY Car Park Server","version_start":"2","version_start_inclusive":true,"version_end":"2.8.3","version_end_inclusive":false,"cpe23_uri":"cve5:carlo-gavazzi:cpy-car-park-server:2:2.8.3"},{"vendor_slug":"carlo-gavazzi","vendor_name":"Carlo Gavazzi","product_slug":"uwp-3.0-monitoring-gateway-and-controller","product_name":"UWP 3.0 Monitoring Gateway and Controller","version_start":"8","version_start_inclusive":true,"version_end":"8.5.0.3","version_end_inclusive":false,"cpe23_uri":"cve5:carlo-gavazzi:uwp-3.0-monitoring-gateway-and-controller:8:8.5.0.3"},{"vendor_slug":"carlo-gavazzi","vendor_name":"Carlo Gavazzi","product_slug":"uwp-3.0-monitoring-gateway-and-controller-edp-version","product_name":"UWP 3.0 Monitoring Gateway and Controller – EDP version","version_start":"8","version_start_inclusive":true,"version_end":"8.5.0.3","version_end_inclusive":false,"cpe23_uri":"cve5:carlo-gavazzi:uwp-3.0-monitoring-gateway-and-controller-edp-version:8:8.5.0.3"},{"vendor_slug":"carlo-gavazzi","vendor_name":"Carlo Gavazzi","product_slug":"uwp-3.0-monitoring-gateway-and-controller-security-enhanced","product_name":"UWP 3.0 Monitoring Gateway and Controller – Security Enhanced","version_start":"8","version_start_inclusive":true,"version_end":"8.5.0.3","version_end_inclusive":false,"cpe23_uri":"cve5:carlo-gavazzi:uwp-3.0-monitoring-gateway-and-controller-security-enhanced:8:8.5.0.3"}],"exploit_refs":[],"news":[],"references":[{"url":"https://cert.vde.com/en/advisories/VDE-2022-029/","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2022-09-28T13:45:30Z","label":"CVE published","source":null},{"type":"ssvc_changed","at":"2026-06-24T00:31:59.395211Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:59.395211Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:59.395211Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:59.395211Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:59.395211Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:59.395211Z","label":"CVSS score revised","source":"vulnrichment"}]}