Unverified Password Change Vulnerability in EVlink Products by Schneider Electric
CVE-2021-22773

6.5 MEDIUM

What is CVE-2021-22773?

An unverified password change vulnerability exists in Schneider Electric's EVlink products, which could allow an unauthorized attacker to alter a user's password via the charging station's web server interface. This flaw affects all versions of EVlink City, EVlink Parking, and EVlink Smart Wallbox prior to R8 V3.4.0.1, posing security risks for users by potentially enabling unwanted access to their accounts.

Affected Version(s)

EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1)

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
