A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
References
Link | Resource |
---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
03 Feb 2022, 19:13
Type | Values Removed | Values Added |
---|---|---|
First Time |
Schneider-electric evlink Parking Evp2pe Firmware
Schneider-electric evlink City Evc1s7p4 Schneider-electric evlink Smart Wallbox Evb1a Firmware Schneider-electric evlink City Evc1s22p4 Firmware Schneider-electric evlink Parking Evp2pe Schneider-electric evlink City Evc1s7p4 Firmware Schneider-electric evlink City Evc1s22p4 Schneider-electric evlink Smart Wallbox Evb1a Schneider-electric evlink Parking Evw2 Schneider-electric evlink Parking Evf2 Schneider-electric evlink Parking Evw2 Firmware Schneider-electric evlink Parking Evf2 Firmware |
|
CPE | cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:* |
cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_parking_evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_parking_evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:* |
03 Feb 2022, 13:48
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:schneider-electric:evc1s22p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:* |
|
First Time |
Schneider-electric evc1s7p4 Firmware
Schneider-electric evb1a Firmware Schneider-electric evp2pe Firmware Schneider-electric evw2 Schneider-electric evw2 Firmware Schneider-electric evb1a Schneider-electric evc1s22p4 Schneider-electric evc1s22p4 Firmware Schneider-electric evf2 Firmware Schneider-electric evf2 Schneider-electric evp2pe Schneider-electric Schneider-electric evc1s7p4 |
|
CWE | CWE-307 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
28 Jan 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
28 Jan 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-28 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-22818
Mitre link : CVE-2021-22818
CVE.ORG link : CVE-2021-22818
JSON object : View
Products Affected
schneider-electric
- evlink_parking_evp2pe
- evlink_smart_wallbox_evb1a_firmware
- evlink_parking_evp2pe_firmware
- evlink_parking_evf2
- evlink_city_evc1s22p4_firmware
- evlink_city_evc1s7p4
- evlink_smart_wallbox_evb1a
- evlink_city_evc1s22p4
- evlink_city_evc1s7p4_firmware
- evlink_parking_evw2
- evlink_parking_evf2_firmware
- evlink_parking_evw2_firmware
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts