CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22771
https://notcve.org/view.php?id=CVE-2021-22771
A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution. A CWE-1236: Se presenta una vulnerabilidad de Neutralización Inapropiada de Elementos de Fórmula en un Archivo CSV en Easergy T300 con versiones de firmware V2.7.1 y anteriores, que podría permitir una ejecución de un comando arbitrario • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22770
https://notcve.org/view.php?id=CVE-2021-22770
A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information. A CWE-200: Se presenta una vulnerabilidad de Exposición de Información en Easergy T300 con versiones de firmware V2.7.1 y anteriores, que expone información confidencial a un actor no autorizado explícitamente tener acceso a dicha información • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-22784 – Schneider Electric C-Bus Toolkit Missing Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2021-22784
A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system. A CWE-306: Se presenta una vulnerabilidad de Falta de Autentificación para una Función Crítica en C-Bus Toolkit versiones v1.15.8 y anteriores, que podría permitir a un atacante usar una página web diseñada para obtener acceso remoto al sistema This vulnerability allows remote attackers to bypass authentication on affected installations of Schneider Electric C-Bus Toolkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the C-Gate 2 Service, which listens on TCP port 20023. A crafted webpage can be used to enable remote access. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-04 https://www.tenable.com/security/research/tra-2021-50 • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 41%CPEs: 12EXPL: 0CVE-2021-22707 – Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution
https://notcve.org/view.php?id=CVE-2021-22707
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges. A CWE-798: Se presenta una vulnerabilidad de uso de credenciales embebidas en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versiones anteriores a R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 todas las versiones anteriores a R8 V3.4.0.1), y EVlink Smart Wallbox (EVB1A todas las versiones anteriores a R8 V3.4.0.1 ) que podría permitir a un atacante emitir comandos no autorizados al servidor web de la estación de carga privilegiados administrativos Multiple Schneider Electric EVlink Charging Stations suffers from authentication bypass and remote code execution vulnerabilities. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22708 – Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution
https://notcve.org/view.php?id=CVE-2021-22708
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism. A CWE-347: Se presenta una vulnerabilidad de Comprobación Inapropiada de la Firma Criptográfica en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versiones anteriores a R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 todas las versiones anteriores a R8 V3.4.0.1), y EVlink Smart Wallbox (EVB1A todas las versiones anteriores a R8 V3.4.0.1 ) que podría permitir a un atacante diseñar un paquete de firmware malicioso y omitir el mecanismo de comprobación de la firma Multiple Schneider Electric EVlink Charging Stations suffers from authentication bypass and remote code execution vulnerabilities. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-347: Improper Verification of Cryptographic Signature •