Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22822

A CWE-79 Improper Neutralization of Input During Web Page Generation (�Cross-site Scripting�) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)

Published

2022-01-28T20:15:10.573

Last Modified

2024-11-21T05:50:44.643

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System schneider-electric evlink_city_evc1s22p4_firmware < 3.4.0.2 Yes
Hardware schneider-electric evlink_city_evc1s22p4 - No
Operating System schneider-electric evlink_city_evc1s7p4_firmware < 3.4.0.2 Yes
Hardware schneider-electric evlink_city_evc1s7p4 - No
Operating System schneider-electric evlink_parking_evw2_firmware < 3.4.0.2 Yes
Hardware schneider-electric evlink_parking_evw2 - No
Operating System schneider-electric evlink_parking_evf2_firmware < 3.4.0.2 Yes
Hardware schneider-electric evlink_parking_evf2 - No
Operating System schneider-electric evlink_parking_evp2pe_firmware < 3.4.0.2 Yes
Hardware schneider-electric evlink_parking_evp2pe - No
Operating System schneider-electric evlink_smart_wallbox_evb1a_firmware < 3.4.0.2 Yes
Hardware schneider-electric evlink_smart_wallbox_evb1a - No
References