CVE-2021-22822

A CWE-79 Improper Neutralization of Input During Web Page Generation (?Cross-site Scripting?) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:schneider-electric:evlink_parking_evp2pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evlink_parking_evp2pe:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:*

History

03 Feb 2022, 19:13

Type Values Removed Values Added
First Time Schneider-electric evlink Parking Evp2pe Firmware
Schneider-electric evlink City Evc1s7p4
Schneider-electric evlink Smart Wallbox Evb1a Firmware
Schneider-electric evlink City Evc1s22p4 Firmware
Schneider-electric evlink Parking Evp2pe
Schneider-electric evlink City Evc1s7p4 Firmware
Schneider-electric evlink City Evc1s22p4
Schneider-electric evlink Smart Wallbox Evb1a
Schneider-electric evlink Parking Evw2
Schneider-electric evlink Parking Evf2
Schneider-electric evlink Parking Evw2 Firmware
Schneider-electric evlink Parking Evf2 Firmware
CPE cpe:2.3:o:schneider-electric:evc1s22p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electrice:evw2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evlink_parking_evp2pe:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evlink_parking_evp2pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:*

03 Feb 2022, 15:56

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1
References (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 - (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 - Patch, Vendor Advisory
CWE CWE-79
First Time Schneider-electric evc1s7p4 Firmware
Schneider-electrice
Schneider-electric evb1a Firmware
Schneider-electric evp2pe Firmware
Schneider-electric evw2
Schneider-electric evb1a
Schneider-electric evc1s22p4
Schneider-electric evc1s22p4 Firmware
Schneider-electric evf2 Firmware
Schneider-electric evf2
Schneider-electric evp2pe
Schneider-electric
Schneider-electric evc1s7p4
Schneider-electrice evw2 Firmware
CPE cpe:2.3:o:schneider-electric:evc1s22p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evc1s7p4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evw2:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evb1a:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evp2pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electrice:evw2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evb1a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evc1s7p4:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evp2pe:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evc1s22p4:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:evf2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:evf2:-:*:*:*:*:*:*:*

28 Jan 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-28 20:15

Updated : 2022-05-16 23:19


NVD link : CVE-2021-22822

Mitre link : CVE-2021-22822


JSON object : View

Products Affected

schneider-electric

  • evlink_parking_evw2
  • evlink_smart_wallbox_evb1a_firmware
  • evlink_city_evc1s7p4
  • evlink_parking_evw2_firmware
  • evlink_parking_evf2
  • evlink_city_evc1s7p4_firmware
  • evlink_city_evc1s22p4
  • evlink_parking_evp2pe_firmware
  • evlink_parking_evf2_firmware
  • evlink_city_evc1s22p4_firmware
  • evlink_smart_wallbox_evb1a
  • evlink_parking_evp2pe
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')