Carlo Gavazzi — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting Carlo Gavazzi. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Carlo Gavazzi specializes in automation and control solutions, with products including energy management systems and industrial sensors. Historically, their devices have been vulnerable to multiple classes of issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The company has recorded 12 CVEs, with several critical flaws allowing unauthorized access or system compromise. Notable security characteristics include legacy products with default credentials and insufficient input validation, though no major public incidents have been widely reported. Recent updates show improved security practices, but older installations remain potentially exposed.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2017-20184 | Carlo Gavazzi Powersoft prone to Path Traversal | Powersoft | CWE-22 | 7.5 | High | 2023-05-04 |
| CVE-2022-28816 | Reflected XSS in Carlo Gavazzi UWP 3.0 | UWP 3.0 Monitoring Gateway and Controller | CWE-79 | 6.1 | Medium | 2022-09-28 |
| CVE-2022-28815 | SQL-Injection in Carlo Gavazzi UWP 3.0 Sentilo Proxy | UWP 3.0 Monitoring Gateway and Controller | CWE-89 | 2.7 | Low | 2022-09-28 |
| CVE-2022-28814 | Path traversal in Carlo Gavazzi UWP 3.0 could lead to full device access | UWP 3.0 Monitoring Gateway and Controller | CWE-23 | 9.8 | Critical | 2022-09-28 |
| CVE-2022-28812 | Use of Hard-coded Credentials in UWP3.0 allows SuperUser authentication bypass in Car Park Server. | UWP 3.0 Monitoring Gateway and Controller | CWE-798 | 9.8 | Critical | 2022-09-28 |
| CVE-2022-28811 | Possible command injection in Car Park Server in Carlo Gavazzi UWP3.0 | UWP 3.0 Monitoring Gateway and Controller | CWE-78 | 9.8 | Critical | 2022-09-28 |
| CVE-2022-22526 | Missing authentication for API in Carlo Gavazzi UWP 3.0 Car Park Server | UWP 3.0 Monitoring Gateway and Controller | CWE-306 | 9.8 | Critical | 2022-09-28 |
| CVE-2022-22524 | SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access | UWP 3.0 Monitoring Gateway and Controller | CWE-89 | 9.4 | Critical | 2022-09-28 |
| CVE-2022-22525 | Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection | UWP 3.0 Monitoring Gateway and Controller | CWE-20 | 7.2 | High | 2022-09-28 |
| CVE-2022-22523 | Carlo Gavazzi UWP 3.0 WebApp allows for authentication bypass | UWP 3.0 Monitoring Gateway and Controller | CWE-287 | 7.5 | High | 2022-09-28 |
| CVE-2022-22522 | Hard-coded credentials in Carlo Gavazzi UWP3.0 allows for authentication bypass and full control of the device | UWP 3.0 Monitoring Gateway and Controller | CWE-798 | 9.8 | Critical | 2022-09-28 |
| CVE-2022-28813 | SQL-injection in Car Park Server 3.0 allows for full database access. | UWP 3.0 Monitoring Gateway and Controller | CWE-89 | 7.5 | High | 2022-09-28 |

This page lists every published CVE security advisory associated with Carlo Gavazzi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.