CVE-2021-22729

Published: Jul 21, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized administrative privileges when accessing to the charging station web server.

Affected (6)

Products: Schneider Electric: Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 Firmware, Evlink Parking Evw2 Firmware, Evlink Parking Evf2 Firmware, Evlink Parking Ev.2 Firmware, Evlink Smart Wallbox Evb1a Firmware

Schneider Electric

6 products

Evlink City Evc1s22p4 Firmware

Evlink City Evc1s7p4 Firmware

Evlink Parking Evw2 Firmware

Evlink Parking Evf2 Firmware

Evlink Parking Ev.2 Firmware

Evlink Smart Wallbox Evb1a Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Evlink City Evc1s22p4 Firmware	Before r8_v3.4.0.1

Running on/with	Platform Versions
Schneider Electric Evlink City Evc1s22p4	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Evlink City Evc1s7p4 Firmware	Before r8_v3.4.0.1

Running on/with	Platform Versions
Schneider Electric Evlink City Evc1s7p4	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Evlink Parking Evw2 Firmware	Before r8_v3.4.0.1

Running on/with	Platform Versions
Schneider Electric Evlink Parking Evw2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Evlink Parking Evf2 Firmware	Before r8_v3.4.0.1

Running on/with	Platform Versions
Schneider Electric Evlink Parking Evf2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Evlink Parking Ev.2 Firmware	Before r8_v3.4.0.1

Running on/with	Platform Versions
Schneider Electric Evlink Parking Ev.2	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Evlink Smart Wallbox Evb1a Firmware	Before r8_v3.4.0.1

Running on/with	Platform Versions
Schneider Electric Evlink Smart Wallbox Evb1a	All versions

Related CWEs

CWE-259

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

References (2)

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

Source: cybersecurity@se.com

Vendor Advisory

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.