Stored Cross-site Scripting Vulnerability in Schneider Electric EVlink Products
CVE-2021-22722

5.4MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Evlink City (evc1s22p4 / Evc1s7p4 All Versions Prior To R8 V3.4.0.1), Evlink Parking (evw2 / Evf2 / Ev.2 All Versions Prior To R8 V3.4.0.1), And Evlink Smart Wallbox (evb1a All Versions Prior To R8 V3.4.0.1 )
Vendor: CVE Published:; 21 July 2021

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2021-22722?

A Stored Cross-site Scripting vulnerability exists in various Schneider Electric EVlink products, which can lead to code injection. This issue arises when users import a CSV file or modify station parameters, potentially allowing malicious scripts to be executed in the context of a web browser. Users are advised to update to R8 V3.4.0.1 or later to mitigate these risks.

Affected Version(s)

EVlink City (EVC1S22P4 / EVC1S7P4 all prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all prior to R8 V3.4.0.1 ) EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )

References

http://download.schneider-electric.com/files?p_Doc_Ref=SE...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2021
Vulnerability Reserved
Jan 6, 2021