CVE-2021-22722

Published: Jul 21, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause code injection when importing a CSV file or changing station parameters.

Affected (6)

Products: Schneider Electric: Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 Firmware, Evlink Parking Evw2 Firmware, Evlink Parking Evf2 Firmware, Evlink Parking Ev.2 Firmware, Evlink Smart Wallbox Evb1a Firmware

Schneider Electric

6 products

Evlink City Evc1s22p4 Firmware

Evlink City Evc1s7p4 Firmware

Evlink Parking Evw2 Firmware

Evlink Parking Evf2 Firmware

Evlink Parking Ev.2 Firmware

Evlink Smart Wallbox Evb1a Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Evlink City Evc1s22p4 Firmware	Before r8_v3.4.0.1

Running on/with	Platform Versions
Schneider Electric Evlink City Evc1s22p4	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Evlink City Evc1s7p4 Firmware	Before r8_v3.4.0.1

Running on/with	Platform Versions
Schneider Electric Evlink City Evc1s7p4	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Evlink Parking Evw2 Firmware	Before r8_v3.4.0.1

Running on/with	Platform Versions
Schneider Electric Evlink Parking Evw2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Evlink Parking Evf2 Firmware	Before r8_v3.4.0.1

Running on/with	Platform Versions
Schneider Electric Evlink Parking Evf2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Evlink Parking Ev.2 Firmware	Before r8_v3.4.0.1

Running on/with	Platform Versions
Schneider Electric Evlink Parking Ev.2	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Evlink Smart Wallbox Evb1a Firmware	Before r8_v3.4.0.1

Running on/with	Platform Versions
Schneider Electric Evlink Smart Wallbox Evb1a	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

Source: cybersecurity@se.com

Vendor Advisory

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.