CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22774
https://notcve.org/view.php?id=CVE-2021-22774
21 Jul 2021 — A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques. A CWE-759: Se presenta una vulnerabilidad de Uso de un Hash Unidireccional sin Salt en EVlink City (EVC1... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22773
https://notcve.org/view.php?id=CVE-2021-22773
21 Jul 2021 — A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker connected to the charging station web server to modify the password of a user. A CWE-620: Se presenta una vulnerabilidad de Cambio de Contraseña No Comprobada en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versio... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-620: Unverified Password Change •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22730
https://notcve.org/view.php?id=CVE-2021-22730
21 Jul 2021 — A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could an attacker to gain unauthorized administrative privileges when accessing to the charging station web server. A CWE-798: Se presenta una vulnerabilidad de uso de Credenciales Embebidas en EVlink City (EVC1S22P4 / EVC1S7P4 todas... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22729
https://notcve.org/view.php?id=CVE-2021-22729
21 Jul 2021 — A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized administrative privileges when accessing to the charging station web server. A CWE-259: Se presenta una vulnerabilidad en el uso de Contraseñas Embebidas en EVlink City (EVC1S22P4 / EVC1S7P4 ... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-259: Use of Hard-coded Password •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22728
https://notcve.org/view.php?id=CVE-2021-22728
21 Jul 2021 — A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause disclosure of encrypted credentials when consulting the maintenance report. A CWE-200: Se presenta una vulnerabilidad de Exposición de Información en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versiones anteriores a R8 V3.4.0.1),... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22727
https://notcve.org/view.php?id=CVE-2021-22727
21 Jul 2021 — A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web server A CWE-331: Se presenta una vulnerabilidad de Entropía Insuficiente en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versiones anteriores a R8 V3.4.0.1), EVli... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-331: Insufficient Entropy •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22726
https://notcve.org/view.php?id=CVE-2021-22726
21 Jul 2021 — A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to perform unintended actions or access to data when crafted malicious parameters are submitted to the charging station web server. A CWE-918: Se presenta una vulnerabilidad de tipo Server-Side Request Fo... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22723
https://notcve.org/view.php?id=CVE-2021-22723
21 Jul 2021 — A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22722
https://notcve.org/view.php?id=CVE-2021-22722
21 Jul 2021 — A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause code injection when importing a CSV file or changing station parameters. A CWE-79: Se presenta una vulnerabilidad de Neutralización Inapropiada de la Entrada Du... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22721
https://notcve.org/view.php?id=CVE-2021-22721
21 Jul 2021 — A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to get limited knowledge of javascript code when crafted malicious parameters are submitted to the charging station web server. A CWE-200: Se presenta una vulnerabilidad de Exposición de Información en EVlink City (EVC... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •