A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
References
Link | Resource |
---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
28 Sep 2022, 20:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:se:evc1s22p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:se:evb1a:-:*:*:*:*:*:*:* cpe:2.3:h:se:evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:se:evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:o:se:evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:evf2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:se:evw2:-:*:*:*:*:*:*:* cpe:2.3:o:se:evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:se:evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:h:se:evf2:-:*:*:*:*:*:*:* |
cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evc1s22p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:* |
First Time |
Schneider-electric evb1a Firmware
Schneider-electric evw2 Schneider-electric evc1s22p4 Schneider-electric evp2pe Schneider-electric evp2pe Firmware Schneider-electric evf2 Firmware Schneider-electric evc1s7p4 Firmware Schneider-electric evb1a Schneider-electric evc1s22p4 Firmware Schneider-electric evw2 Firmware Schneider-electric evf2 Schneider-electric Schneider-electric evc1s7p4 |
02 Feb 2022, 21:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:se:evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:evc1s22p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:se:evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:o:se:evf2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:se:evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:se:evw2:-:*:*:*:*:*:*:* cpe:2.3:h:se:evb1a:-:*:*:*:*:*:*:* cpe:2.3:o:se:evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:se:evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:h:se:evf2:-:*:*:*:*:*:*:* |
|
CWE | CWE-352 | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.8 |
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 - Patch, Vendor Advisory | |
First Time |
Se evb1a Firmware
Se evc1s22p4 Firmware Se evc1s22p4 Se Se evw2 Firmware Se evf2 Se evw2 Se evb1a Se evp2pe Se evp2pe Firmware Se evc1s7p4 Firmware Se evc1s7p4 Se evf2 Firmware |
28 Jan 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-28 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-22724
Mitre link : CVE-2021-22724
CVE.ORG link : CVE-2021-22724
JSON object : View
Products Affected
schneider-electric
- evf2_firmware
- evf2
- evc1s22p4
- evb1a
- evc1s7p4
- evc1s22p4_firmware
- evw2
- evp2pe
- evc1s7p4_firmware
- evp2pe_firmware
- evw2_firmware
- evb1a_firmware
CWE
CWE-352
Cross-Site Request Forgery (CSRF)