Use of Hard-coded Credentials in Schneider Electric EVlink Products
CVE-2021-22707
Key Information:
What is CVE-2021-22707?
A vulnerability exists in multiple Schneider Electric EVlink products due to the presence of hard-coded credentials. This can enable an attacker to gain unauthorized administrative access to the charging station's web server, potentially allowing for the issuance of unauthorized commands. Affected products include various models of EVlink City, EVlink Parking, and EVlink Smart Wallbox, all prior to specific software versions.
Affected Version(s)
EVlink City (EVC1S22P4 / EVC1S7P4 all prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all prior to R8 V3.4.0.1 ) EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )
References
EPSS Score
90% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved