The flaws were discovered by researchers at industrial cybersecurity firm Claroty in Carlo Gavazzi’s CPY Car Park Server and UWP 3.0 monitoring gateway and controller products. The vendor released patches for the impacted products earlier this year.

The Germany-based CERT@VDE, which coordinates the disclosure of vulnerabilities impacting the industrial control system (ICS) and operational technology (OT) products of European vendors, has published an advisory describing the Carlo Gavazzi issues. CERT@VDE’s advisory describes 11 vulnerabilities, and the agency warns that an attacker could exploit them to “get full access to the affected devices”.