Improper Verification of Cryptographic Signature in EVlink Products by Schneider Electric
CVE-2021-22708
7.2HIGH
Key Information:
What is CVE-2021-22708?
A vulnerability exists in various EVlink products from Schneider Electric, where an improper verification of cryptographic signatures can potentially allow attackers to create malicious firmware packages. This flaw affects specific models, enabling unauthorized modification to device firmware and bypassing standard security measures.
Affected Version(s)
EVlink City (EVC1S22P4 / EVC1S7P4 all prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all prior to R8 V3.4.0.1 ) EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )