Use of One-Way Hash Without Salt in Schneider Electric EVlink Products
CVE-2021-22774
Key Information:
What is CVE-2021-22774?
A vulnerability exists in various Schneider Electric EVlink products that allows attackers to exploit the use of a one-way hash without a salt, potentially compromising user account credentials. This weakness can be targeted using dictionary attack techniques, leading to unauthorized access to user information stored in charging stations. Ensuring that proper hashing practices are followed is crucial for safeguarding user data against such exploits.
Affected Version(s)
EVlink City (EVC1S22P4 / EVC1S7P4 all prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all prior to R8 V3.4.0.1 ) EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )