CVE-2021-22724

A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:evc1s22p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:evw2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:*

History

28 Sep 2022, 20:41

Type Values Removed Values Added
CPE cpe:2.3:o:se:evb1a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:evc1s22p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:se:evb1a:-:*:*:*:*:*:*:*
cpe:2.3:h:se:evp2pe:-:*:*:*:*:*:*:*
cpe:2.3:h:se:evc1s7p4:-:*:*:*:*:*:*:*
cpe:2.3:o:se:evw2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:evf2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:evp2pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:se:evw2:-:*:*:*:*:*:*:*
cpe:2.3:o:se:evc1s7p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:se:evc1s22p4:-:*:*:*:*:*:*:*
cpe:2.3:h:se:evf2:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evc1s22p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evw2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:*
First Time Schneider-electric evb1a Firmware
Schneider-electric evw2
Schneider-electric evc1s22p4
Schneider-electric evp2pe
Schneider-electric evp2pe Firmware
Schneider-electric evf2 Firmware
Schneider-electric evc1s7p4 Firmware
Schneider-electric evb1a
Schneider-electric evc1s22p4 Firmware
Schneider-electric evw2 Firmware
Schneider-electric evf2
Schneider-electric
Schneider-electric evc1s7p4

02 Feb 2022, 21:05

Type Values Removed Values Added
CPE cpe:2.3:o:se:evw2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:evc1s22p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:se:evc1s7p4:-:*:*:*:*:*:*:*
cpe:2.3:o:se:evf2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:se:evp2pe:-:*:*:*:*:*:*:*
cpe:2.3:h:se:evw2:-:*:*:*:*:*:*:*
cpe:2.3:h:se:evb1a:-:*:*:*:*:*:*:*
cpe:2.3:o:se:evb1a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:evp2pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:evc1s7p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:se:evc1s22p4:-:*:*:*:*:*:*:*
cpe:2.3:h:se:evf2:-:*:*:*:*:*:*:*
CWE CWE-352
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 8.8
References (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 - (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 - Patch, Vendor Advisory
First Time Se evb1a Firmware
Se evc1s22p4 Firmware
Se evc1s22p4
Se
Se evw2 Firmware
Se evf2
Se evw2
Se evb1a
Se evp2pe
Se evp2pe Firmware
Se evc1s7p4 Firmware
Se evc1s7p4
Se evf2 Firmware

28 Jan 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-28 20:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-22724

Mitre link : CVE-2021-22724

CVE.ORG link : CVE-2021-22724


JSON object : View

Products Affected

schneider-electric

  • evf2_firmware
  • evf2
  • evc1s22p4
  • evb1a
  • evc1s7p4
  • evc1s22p4_firmware
  • evw2
  • evp2pe
  • evc1s7p4_firmware
  • evp2pe_firmware
  • evw2_firmware
  • evb1a_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)