A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
2022-01-28T20:15:10.463
2024-11-21T05:50:44.370
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | schneider-electric | evlink_city_evc1s22p4_firmware | < 3.4.0.2 | Yes |
| Hardware | schneider-electric | evlink_city_evc1s22p4 | - | No |
| Operating System | schneider-electric | evlink_city_evc1s7p4_firmware | < 3.4.0.2 | Yes |
| Hardware | schneider-electric | evlink_city_evc1s7p4 | - | No |
| Operating System | schneider-electric | evlink_parking_evw2_firmware | < 3.4.0.2 | Yes |
| Hardware | schneider-electric | evlink_parking_evw2 | - | No |
| Operating System | schneider-electric | evlink_parking_evf2_firmware | < 3.4.0.2 | Yes |
| Hardware | schneider-electric | evlink_parking_evf2 | - | No |
| Operating System | schneider-electric | evlink_parking_evp2pe_firmware | < 3.4.0.2 | Yes |
| Hardware | schneider-electric | evlink_parking_evp2pe | - | No |
| Operating System | schneider-electric | evlink_smart_wallbox_evb1a_firmware | < 3.4.0.2 | Yes |
| Hardware | schneider-electric | evlink_smart_wallbox_evb1a | - | No |