Server-Side Request Forgery Vulnerability in Schneider Electric EVlink Products
CVE-2021-22726

8.1HIGH

What is CVE-2021-22726?

A Server-Side Request Forgery (SSRF) vulnerability affects Schneider Electric’s EVlink City, EVlink Parking, and EVlink Smart Wallbox products. This vulnerability allows attackers to exploit crafted malicious parameters submitted to the charging station web server, potentially leading to unauthorized actions or data exposure. Affected versions are all prior to R8 V3.4.0.1, making it crucial for users to apply the necessary updates to safeguard their systems.

Affected Version(s)

EVlink City (EVC1S22P4 / EVC1S7P4 all prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all prior to R8 V3.4.0.1 ) EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.