Cross-site Scripting Vulnerability in Schneider Electric EVlink Products
CVE-2021-22723
Key Information:
What is CVE-2021-22723?
A vulnerability has been identified in Schneider Electric's EVlink products that allows an attacker to execute cross-site scripting attacks by leveraging improper input neutralization. This vulnerability permits unauthorized impersonation of users managing local charging stations. Attackers can send specifically crafted requests to the web server of the charging station, potentially compromising user actions and system integrity. It is crucial for users of affected EVlink products to upgrade to version R8 V3.4.0.1 or later to mitigate these risks.
Affected Version(s)
EVlink City (EVC1S22P4 / EVC1S7P4 all prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all prior to R8 V3.4.0.1 ) EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )