Use of One-Way Hash Without Salt in Schneider Electric EVlink Products
CVE-2021-22774

7.5 HIGH

What is CVE-2021-22774?

A vulnerability in various Schneider Electric EVlink products stems from the use of a one-way hash without a salt, which could allow attackers to compromise user account credentials. The weakness can be targeted with dictionary attack techniques, leading to unauthorized access to user information stored in charging stations. Following proper hashing practices is crucial for safeguarding user data against such exploits.
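The weak pattern beside a hardened form, as an added example that is not code from Schneider Electric's products or advisory. The page does not name the hash in use, so SHA-256, the PBKDF2 work factor, the function names and the sample accounts are all assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os
from collections import Counter

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to the target hardware


def unsalted_hash(password: str) -> str:
    """Weak pattern: the digest depends on the password alone."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Hardened form: random per-account salt plus a slow key-derivation function."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def accounts_sharing_a_digest(digests: dict) -> int:
    """Audit check: count accounts whose stored digest equals another account's.
    Any non-zero result means equal passwords are visible as equal digests,
    which is what lets one precomputed dictionary cover every account."""
    counts = Counter(digests.values())
    return sum(1 for d in digests.values() if counts[d] > 1)


# Constructed sample accounts (not real data)
SAMPLE = {"alice": "charge-me-2021", "bob": "charge-me-2021", "carol": "different-one"}


def demo() -> tuple[int, int]:
    weak = {user: unsalted_hash(pw) for user, pw in SAMPLE.items()}
    strong = {user: salted_hash(pw)[1] for user, pw in SAMPLE.items()}
    return accounts_sharing_a_digest(weak), accounts_sharing_a_digest(strong)


if __name__ == "__main__":
    print(demo())
```

With the unsalted scheme the two accounts that share a password are indistinguishable in storage; with a per-account salt every stored digest is unique even for equal passwords.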

Affected Version(s)

EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1)

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
