Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Evlink_parking_evw2_firmware
(Schneider\-Electric)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-21 | CVE-2021-22706 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are... | Evlink_city_evc1s22p4_firmware, Evlink_city_evc1s7p4_firmware, Evlink_parking_ev\.2_firmware, Evlink_parking_evf2_firmware, Evlink_parking_evw2_firmware, Evlink_smart_wallbox_evb1a_firmware | 6.1 | ||
| 2021-07-21 | CVE-2021-22707 | A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges. | Evlink_city_evc1s22p4_firmware, Evlink_city_evc1s7p4_firmware, Evlink_parking_ev\.2_firmware, Evlink_parking_evf2_firmware, Evlink_parking_evw2_firmware, Evlink_smart_wallbox_evb1a_firmware | 9.8 | ||
| 2021-07-21 | CVE-2021-22708 | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism. | Evlink_city_evc1s22p4_firmware, Evlink_city_evc1s7p4_firmware, Evlink_parking_ev\.2_firmware, Evlink_parking_evf2_firmware, Evlink_parking_evw2_firmware, Evlink_smart_wallbox_evb1a_firmware | 7.2 | ||
| 2021-07-21 | CVE-2021-22721 | A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to get limited knowledge of javascript code when crafted malicious parameters are submitted to the charging station web server. | Evlink_city_evc1s22p4_firmware, Evlink_city_evc1s7p4_firmware, Evlink_parking_ev\.2_firmware, Evlink_parking_evf2_firmware, Evlink_parking_evw2_firmware, Evlink_smart_wallbox_evb1a_firmware | 5.3 | ||
| 2021-07-21 | CVE-2021-22722 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause code injection when importing a CSV file or changing station parameters. | Evlink_city_evc1s22p4_firmware, Evlink_city_evc1s7p4_firmware, Evlink_parking_ev\.2_firmware, Evlink_parking_evf2_firmware, Evlink_parking_evw2_firmware, Evlink_smart_wallbox_evb1a_firmware | 5.4 | ||
| 2021-07-21 | CVE-2021-22723 | A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when... | Evlink_city_evc1s22p4_firmware, Evlink_city_evc1s7p4_firmware, Evlink_parking_ev\.2_firmware, Evlink_parking_evf2_firmware, Evlink_parking_evw2_firmware, Evlink_smart_wallbox_evb1a_firmware | 6.1 | ||
| 2021-07-21 | CVE-2021-22726 | A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to perform unintended actions or access to data when crafted malicious parameters are submitted to the charging station web server. | Evlink_city_evc1s22p4_firmware, Evlink_city_evc1s7p4_firmware, Evlink_parking_ev\.2_firmware, Evlink_parking_evf2_firmware, Evlink_parking_evw2_firmware, Evlink_smart_wallbox_evb1a_firmware | 8.1 | ||
| 2021-07-21 | CVE-2021-22727 | A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web server | Evlink_city_evc1s22p4_firmware, Evlink_city_evc1s7p4_firmware, Evlink_parking_ev\.2_firmware, Evlink_parking_evf2_firmware, Evlink_parking_evw2_firmware, Evlink_smart_wallbox_evb1a_firmware | 9.8 | ||
| 2021-07-21 | CVE-2021-22728 | A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause disclosure of encrypted credentials when consulting the maintenance report. | Evlink_city_evc1s22p4_firmware, Evlink_city_evc1s7p4_firmware, Evlink_parking_ev\.2_firmware, Evlink_parking_evf2_firmware, Evlink_parking_evw2_firmware, Evlink_smart_wallbox_evb1a_firmware | 6.5 | ||
| 2021-07-21 | CVE-2021-22729 | A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized administrative privileges when accessing to the charging station web server. | Evlink_city_evc1s22p4_firmware, Evlink_city_evc1s7p4_firmware, Evlink_parking_ev\.2_firmware, Evlink_parking_evf2_firmware, Evlink_parking_evw2_firmware, Evlink_smart_wallbox_evb1a_firmware | 9.8 |