Code Injection Vulnerability in EVLink Parking by Schneider Electric
CVE-2018-7801

8.8HIGH

Key Information:

Vendor
Schneider Electric
Status
Evlink Parking V3.2.0-12 V1 And Earlier
Vendor
CVE Published:
24 December 2018

Summary

A code injection vulnerability in EVLink Parking allows attackers to execute arbitrary code by gaining maximum privileges. Any user exploiting this flaw could potentially manipulate the system, leading to unauthorized access and control. Versions prior to v3.2.0-12_v1 are particularly at risk. It is crucial to apply necessary patches and updates to safeguard your systems against this vulnerability.

Affected Version(s)

EVLink Parking v3.2.0-12_v1 and earlier EVLink Parking v3.2.0-12_v1 and earlier

References

https://www.schneider-electric.com/en/download/document/S...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/106807
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01
x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.