Hard-coded Credentials Vulnerability in Schneider Electric's EVlink Products
CVE-2021-22730

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Evlink City (evc1s22p4 / Evc1s7p4 All Versions Prior To R8 V3.4.0.1), Evlink Parking (evw2 / Evf2 / Ev.2 All Versions Prior To R8 V3.4.0.1), And Evlink Smart Wallbox (evb1a All Versions Prior To R8 V3.4.0.1 )
Vendor: CVE Published:; 21 July 2021

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2021-22730?

A vulnerability exists in Schneider Electric's EVlink City, EVlink Parking, and EVlink Smart Wallbox products due to hard-coded credentials, allowing attackers to exploit the web server of the charging stations. This exploitation could grant unauthorized administrative access, posing significant security risks to users and systems relying on these devices.

Affected Version(s)

EVlink City (EVC1S22P4 / EVC1S7P4 all prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all prior to R8 V3.4.0.1 ) EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )

References

http://download.schneider-electric.com/files?p_Doc_Ref=SE...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2021
Vulnerability Reserved
Jan 6, 2021