A CWE-79 Improper Neutralization of Input During Web Page Generation (?Cross-site Scripting?) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
References
Link | Resource |
---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
03 Feb 2022, 19:13
Type | Values Removed | Values Added |
---|---|---|
First Time |
Schneider-electric evlink Parking Evp2pe Firmware
Schneider-electric evlink City Evc1s7p4 Schneider-electric evlink Smart Wallbox Evb1a Firmware Schneider-electric evlink City Evc1s22p4 Firmware Schneider-electric evlink Parking Evp2pe Schneider-electric evlink City Evc1s7p4 Firmware Schneider-electric evlink City Evc1s22p4 Schneider-electric evlink Smart Wallbox Evb1a Schneider-electric evlink Parking Evw2 Schneider-electric evlink Parking Evf2 Schneider-electric evlink Parking Evw2 Firmware Schneider-electric evlink Parking Evf2 Firmware |
|
CPE | cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electrice:evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:* |
cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_parking_evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_parking_evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:* |
03 Feb 2022, 15:56
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:schneider-electric:evc1s22p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electrice:evw2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:* |
|
First Time |
Schneider-electric evc1s7p4 Firmware
Schneider-electrice Schneider-electric evb1a Firmware Schneider-electric evp2pe Firmware Schneider-electric evw2 Schneider-electric evb1a Schneider-electric evc1s22p4 Schneider-electric evc1s22p4 Firmware Schneider-electric evf2 Firmware Schneider-electric evf2 Schneider-electric evp2pe Schneider-electric Schneider-electric evc1s7p4 Schneider-electrice evw2 Firmware |
|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
28 Jan 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-28 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-22822
Mitre link : CVE-2021-22822
CVE.ORG link : CVE-2021-22822
JSON object : View
Products Affected
schneider-electric
- evlink_city_evc1s22p4
- evlink_parking_evf2
- evlink_city_evc1s22p4_firmware
- evlink_parking_evp2pe
- evlink_city_evc1s7p4
- evlink_parking_evp2pe_firmware
- evlink_parking_evf2_firmware
- evlink_smart_wallbox_evb1a_firmware
- evlink_parking_evw2_firmware
- evlink_parking_evw2
- evlink_smart_wallbox_evb1a
- evlink_city_evc1s7p4_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')