Schneider-Electric Evlink Parking Ev.2 Firmware vulnerabilities

13 known vulnerabilities affecting schneider-electric/evlink_parking_ev.2_firmware.

Total CVEs
13
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH3MEDIUM6

Vulnerabilities

Page 1 of 1
CVE-2021-22730CRITICALCVSS 9.8fixed in r8_v3.4.0.12021-07-21
CVE-2021-22730 [CRITICAL] CWE-798 CVE-2021-22730: A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 a A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could an attacker to gain unauthorized administrative privileges when
nvd
CVE-2021-22707CRITICALCVSS 9.8PoCfixed in r8_v3.4.0.12021-07-21
CVE-2021-22707 [CRITICAL] CWE-798 CVE-2021-22707: A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 a A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging
nvd
CVE-2021-22727CRITICALCVSS 9.8fixed in r8_v3.4.0.12021-07-21
CVE-2021-22727 [CRITICAL] CWE-331 CVE-2021-22727: A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versio A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web
nvd
CVE-2021-22729CRITICALCVSS 9.8fixed in r8_v3.4.0.12021-07-21
CVE-2021-22729 [CRITICAL] CWE-259 CVE-2021-22729: A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized administrative privileges whe
nvd
CVE-2021-22774HIGHCVSS 7.5fixed in r8_v3.4.0.12021-07-21
CVE-2021-22774 [HIGH] CWE-916 CVE-2021-22774: A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could lead an attacker to get knowledge of charging station user ac
nvd
CVE-2021-22726HIGHCVSS 8.1fixed in r8_v3.4.0.12021-07-21
CVE-2021-22726 [HIGH] CWE-918 CVE-2021-22726: A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to perform unintended actions or access to da
nvd
CVE-2021-22708HIGHCVSS 7.2fixed in r8_v3.4.0.12021-07-21
CVE-2021-22708 [HIGH] CWE-347 CVE-2021-22708: A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to craft a malicious firmware p
nvd
CVE-2021-22721MEDIUMCVSS 5.3fixed in r8_v3.4.0.12021-07-21
CVE-2021-22721 [MEDIUM] CWE-200 CVE-2021-22721: A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versio A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to get limited knowledge of javascript code when crafted
nvd
CVE-2021-22722MEDIUMCVSS 5.4fixed in r8_v3.4.0.12021-07-21
CVE-2021-22722 [MEDIUM] CWE-79 CVE-2021-22722: A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting' A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause
nvd
CVE-2021-22706MEDIUMCVSS 6.1fixed in r8_v3.4.0.12021-07-21
CVE-2021-22706 [MEDIUM] CWE-79 CVE-2021-22706: A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an atta
nvd
CVE-2021-22723MEDIUMCVSS 6.1fixed in r8_v3.4.0.12021-07-21
CVE-2021-22723 [MEDIUM] CWE-79 CVE-2021-22723: A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to
nvd
CVE-2021-22728MEDIUMCVSS 6.5fixed in r8_v3.4.0.12021-07-21
CVE-2021-22728 [MEDIUM] CWE-200 CVE-2021-22728: A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versio A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause disclosure of encrypted credentials when consulting the maintenance r
nvd
CVE-2021-22773MEDIUMCVSS 6.5fixed in r8_v3.4.0.12021-07-21
CVE-2021-22773 [MEDIUM] CWE-620 CVE-2021-22773: A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker connected to the charging station web server to modi
nvd