Insufficient Entropy Vulnerability in Schneider Electric EVlink Charging Stations
CVE-2021-22727
Key Information:
What is CVE-2021-22727?
A vulnerability exists in multiple Schneider Electric EVlink charging station products, specifically linked to insufficient entropy in the random number generation process. This can potentially enable attackers to exploit the weak randomness to gain unauthorized access to the charging station's web server, leading to security breaches. The affected products include various models of EVlink City, EVlink Parking, and EVlink Smart Wallbox, with all versions prior to R8 V3.4.0.1 being susceptible. Users are advised to upgrade to the latest firmware to mitigate risks associated with this flaw.
Affected Version(s)
EVlink City (EVC1S22P4 / EVC1S7P4 all prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all prior to R8 V3.4.0.1 ) EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )