A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
References
Link | Resource |
---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
03 Feb 2022, 19:12
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electrice:evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:* |
cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_parking_evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_parking_evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:* |
First Time |
Schneider-electric evlink Parking Evp2pe Firmware
Schneider-electric evlink City Evc1s7p4 Schneider-electric evlink Smart Wallbox Evb1a Firmware Schneider-electric evlink City Evc1s22p4 Firmware Schneider-electric evlink Parking Evp2pe Schneider-electric evlink City Evc1s7p4 Firmware Schneider-electric evlink City Evc1s22p4 Schneider-electric evlink Smart Wallbox Evb1a Schneider-electric evlink Parking Evw2 Schneider-electric evlink Parking Evf2 Schneider-electric evlink Parking Evw2 Firmware Schneider-electric evlink Parking Evf2 Firmware |
03 Feb 2022, 14:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:schneider-electric:evc1s22p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electrice:evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 - Patch, Vendor Advisory | |
First Time |
Schneider-electric evc1s7p4 Firmware
Schneider-electrice Schneider-electric evb1a Firmware Schneider-electric evp2pe Firmware Schneider-electric evw2 Schneider-electric evb1a Schneider-electric evc1s22p4 Schneider-electric evc1s22p4 Firmware Schneider-electric evf2 Firmware Schneider-electric evf2 Schneider-electric evp2pe Schneider-electric Schneider-electric evc1s7p4 Schneider-electrice evw2 Firmware |
|
CWE | CWE-613 |
28 Jan 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
28 Jan 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-28 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-22820
Mitre link : CVE-2021-22820
CVE.ORG link : CVE-2021-22820
JSON object : View
Products Affected
schneider-electric
- evlink_city_evc1s22p4
- evlink_parking_evf2
- evlink_city_evc1s22p4_firmware
- evlink_parking_evp2pe
- evlink_city_evc1s7p4
- evlink_parking_evp2pe_firmware
- evlink_parking_evf2_firmware
- evlink_smart_wallbox_evb1a_firmware
- evlink_parking_evw2_firmware
- evlink_parking_evw2
- evlink_smart_wallbox_evb1a
- evlink_city_evc1s7p4_firmware
CWE
CWE-613
Insufficient Session Expiration