Hard-coded Password Vulnerability in Schneider Electric's EVlink Series
CVE-2021-22729
Key Information:
What is CVE-2021-22729?
A vulnerability has been identified in Schneider Electric's EVlink series products, specifically in the EVlink City, EVlink Parking, and EVlink Smart Wallbox models. This issue stems from the use of hard-coded passwords, which could allow unauthorized access to the charging station's web server, potentially granting attackers administrative privileges. It is crucial for users of affected models to upgrade to R8 V3.4.0.1 to mitigate the risks associated with this vulnerability. For detailed information, refer to the official Schneider Electric documentation.
Affected Version(s)
EVlink City (EVC1S22P4 / EVC1S7P4 all prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all prior to R8 V3.4.0.1 ) EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )