Cybersecurity firm Claroty has discovered nearly a dozen vulnerabilities in a car parking management system developed by an Italian company, Carlo Gavazzi. The company produces the electronic control components that enable building an industrial automation. The flaws were reported to Carlo Gavazzi and the impacted products received patches earlier this year. Germany-based cybersecurity and vulnerability disclosure organization released an advisory describing the vulnerabilities affecting the devices. In total, 11 vulnerabilities were disclosed.
The German agency has warned that an attacker could exploit the vulnerabilities to obtain full access to affected devices, which means that consumers should be on alert for unpatched systems. Vera Mens has been credited for reporting the vulnerabilities and claims that they lie in a web-based application that is designed to remotely manage building automation, car park guidance systems, parking facilities, and more. The vulnerabilities could also mean that drivers are at risk for data aggregation or other security issues.