CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22727
https://notcve.org/view.php?id=CVE-2021-22727
21 Jul 2021 — A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web server A CWE-331: Se presenta una vulnerabilidad de Entropía Insuficiente en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versiones anteriores a R8 V3.4.0.1), EVli... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-331: Insufficient Entropy •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22726
https://notcve.org/view.php?id=CVE-2021-22726
21 Jul 2021 — A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to perform unintended actions or access to data when crafted malicious parameters are submitted to the charging station web server. A CWE-918: Se presenta una vulnerabilidad de tipo Server-Side Request Fo... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22723
https://notcve.org/view.php?id=CVE-2021-22723
21 Jul 2021 — A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22722
https://notcve.org/view.php?id=CVE-2021-22722
21 Jul 2021 — A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause code injection when importing a CSV file or changing station parameters. A CWE-79: Se presenta una vulnerabilidad de Neutralización Inapropiada de la Entrada Du... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22721
https://notcve.org/view.php?id=CVE-2021-22721
21 Jul 2021 — A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to get limited knowledge of javascript code when crafted malicious parameters are submitted to the charging station web server. A CWE-200: Se presenta una vulnerabilidad de Exposición de Información en EVlink City (EVC... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22706
https://notcve.org/view.php?id=CVE-2021-22706
21 Jul 2021 — A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the chargi... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 90%CPEs: 12EXPL: 1CVE-2021-22707 – Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution
https://notcve.org/view.php?id=CVE-2021-22707
14 Jul 2021 — A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges. A CWE-798: Se presenta una vulnerabilidad de uso de credenciales embebidas en EVlink City (EVC1S22P4 / EVC1S7P4... • https://packetstorm.news/files/id/163505 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 1CVE-2021-22708 – Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution
https://notcve.org/view.php?id=CVE-2021-22708
14 Jul 2021 — A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism. A CWE-347: Se presenta una vulnerabilidad de Comprobación Inapropiada de la Firma Criptográfica en EVli... • https://packetstorm.news/files/id/163505 • CWE-347: Improper Verification of Cryptographic Signature •