Page 4 of 21 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. A CWE-79: Se presenta una vulnerabilidad de Neutralización Inapropiada de Entradas Durante la Generación de Páginas Web ("Cross-site Scripting") en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versiones anteriores a R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 todas las versiones anteriores a R8 V3.4.0.1), y EVlink Smart Wallbox (EVB1A todas las versiones anteriores a R8 V3.4.0.1) que podría permitir a un atacante hacerse pasar por el usuario que administra la estación de carga o realizar acciones en su nombre cuando se envían parámetros maliciosos diseñados al servidor web de la estación de carga • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 52%CPEs: 12EXPL: 0

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges. A CWE-798: Se presenta una vulnerabilidad de uso de credenciales embebidas en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versiones anteriores a R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 todas las versiones anteriores a R8 V3.4.0.1), y EVlink Smart Wallbox (EVB1A todas las versiones anteriores a R8 V3.4.0.1 ) que podría permitir a un atacante emitir comandos no autorizados al servidor web de la estación de carga privilegiados administrativos Multiple Schneider Electric EVlink Charging Stations suffers from authentication bypass and remote code execution vulnerabilities. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism. A CWE-347: Se presenta una vulnerabilidad de Comprobación Inapropiada de la Firma Criptográfica en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versiones anteriores a R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 todas las versiones anteriores a R8 V3.4.0.1), y EVlink Smart Wallbox (EVB1A todas las versiones anteriores a R8 V3.4.0.1 ) que podría permitir a un atacante diseñar un paquete de firmware malicioso y omitir el mecanismo de comprobación de la firma Multiple Schneider Electric EVlink Charging Stations suffers from authentication bypass and remote code execution vulnerabilities. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. Existe una vulnerabilidad de credenciales embebidas en EVLink Parking, en versiones v3.2.0-12_v1 y anteriores, lo que podría permitir que un atacante obtenga acceso al dispositivo. • http://www.securityfocus.com/bid/106807 https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01 https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01 • CWE-798: Use of Hard-coded Credentials •

CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 1

A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed. Existe una vulnerabilidad de inyección de código en EVLink Parking, en versiones v3.2.0-12_v1 y anteriores, lo que podría permitir el acceso con máximos privilegios cuando se ejecuta código de forma remota. • http://seclists.org/fulldisclosure/2021/Jul/32 http://www.securityfocus.com/bid/106807 https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01 https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •