Information Exposure Vulnerability in EVlink Products by Schneider Electric
CVE-2021-22728

6.5MEDIUM

What is CVE-2021-22728?

An information exposure vulnerability in Schneider Electric's EVlink products could allow unauthorized access to sensitive data. Specifically, when accessing the maintenance report of EVlink systems, users may inadvertently expose encrypted credentials. This issue affects multiple products, including EVlink City, EVlink Parking, and EVlink Smart Wallbox across various versions prior to R8 V3.4.0.1. Addressing this vulnerability is critical to ensuring the security and integrity of user data.

Affected Version(s)

EVlink City (EVC1S22P4 / EVC1S7P4 all prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all prior to R8 V3.4.0.1 ) EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-22728 : Information Exposure Vulnerability in EVlink Products by Schneider Electric