Improper Authentication Attack Vulnerability in Schneider Electric EVlink Charging Stations
CVE-2021-22818
7.5 HIGH
Key Information:
- Vendor: Schneider Electric
- CVE Published: 28 January 2022
Summary
A vulnerability exists in Schneider Electric's EVlink charging stations where improper restriction of authentication attempts may allow unauthorized users to gain access to the web interface. The flaw can be exploited through brute-force attacks, potentially compromising the integrity of the device. Affected products include various models of EVlink City, Parking, and Smart Wallbox running software versions prior to R8 V3.4.0.2. Users are encouraged to apply the necessary security updates to mitigate this risk.
CVSS V3.1
- Score: 7.5
- Severity: HIGH
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved