A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
References
Link | Resource |
---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
03 Feb 2022, 19:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:* |
cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_parking_evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_parking_evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:* |
First Time |
Schneider-electric evlink Parking Evp2pe Firmware
Schneider-electric evlink City Evc1s7p4 Schneider-electric evlink Smart Wallbox Evb1a Firmware Schneider-electric evlink City Evc1s22p4 Firmware Schneider-electric evlink Parking Evp2pe Schneider-electric evlink City Evc1s7p4 Firmware Schneider-electric evlink City Evc1s22p4 Schneider-electric evlink Smart Wallbox Evb1a Schneider-electric evlink Parking Evw2 Schneider-electric evlink Parking Evf2 Schneider-electric evlink Parking Evw2 Firmware Schneider-electric evlink Parking Evf2 Firmware |
03 Feb 2022, 15:48
Type | Values Removed | Values Added |
---|---|---|
First Time |
Schneider-electric evc1s7p4 Firmware
Schneider-electric evb1a Firmware Schneider-electric evp2pe Firmware Schneider-electric evw2 Schneider-electric evw2 Firmware Schneider-electric evb1a Schneider-electric evc1s22p4 Schneider-electric evc1s22p4 Firmware Schneider-electric evf2 Firmware Schneider-electric evf2 Schneider-electric evp2pe Schneider-electric Schneider-electric evc1s7p4 |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 8.6 |
CPE | cpe:2.3:o:schneider-electric:evc1s22p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:* |
|
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 - Patch, Vendor Advisory | |
CWE | CWE-918 |
28 Jan 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
28 Jan 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-28 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-22821
Mitre link : CVE-2021-22821
CVE.ORG link : CVE-2021-22821
JSON object : View
Products Affected
schneider-electric
- evlink_parking_evp2pe
- evlink_smart_wallbox_evb1a_firmware
- evlink_parking_evp2pe_firmware
- evlink_parking_evf2
- evlink_city_evc1s22p4_firmware
- evlink_city_evc1s7p4
- evlink_smart_wallbox_evb1a
- evlink_city_evc1s22p4
- evlink_city_evc1s7p4_firmware
- evlink_parking_evw2
- evlink_parking_evf2_firmware
- evlink_parking_evw2_firmware
CWE
CWE-918
Server-Side Request Forgery (SSRF)