CVE-2021-22725: CSRF
First published: Fri Jan 28 2022(Updated: )
A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Evlink City Evc1s22p4 Firmware | <3.4.0.2 | |
| Schneider-electric Evc1s22p4 Firmware | ||
| Schneider Electric Evlink City EVC1S7P4 | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s7p4 Firmware | ||
| Schneider Electric Evw2 | <3.4.0.2 | |
| Schneider Electric Evw2 | ||
| Schneider Electric EVF2 | <3.4.0.2 | |
| Schneider Electric EVF2 | ||
| Schneider Electric EVP2PE Firmware | <3.4.0.2 | |
| Schneider-electric Evp2pe Firmware | ||
| Schneider Electric EVB1A | <3.4.0.2 | |
| Schneider-electric Evlink Smart Wallbox Evb1a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-22725?
CVE-2021-22725 is classified as a medium risk vulnerability due to its potential for cross-site request forgery allowing user impersonation.
How do I fix CVE-2021-22725?
To fix CVE-2021-22725, update the affected Schneider Electric firmware to the latest version above 3.4.0.2.
What products are affected by CVE-2021-22725?
CVE-2021-22725 affects various Schneider Electric products, including the EVlink City EVC1S22P and other similar firmware versions.
What is a Cross-Site Request Forgery in the context of CVE-2021-22725?
A Cross-Site Request Forgery is an attack that tricks a user into submitting unwanted actions on a web application where they are authenticated.
What are the consequences of exploiting CVE-2021-22725?
Exploiting CVE-2021-22725 could allow attackers to impersonate users and perform actions on the charging station web server without their consent.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider-electric evlink city evc1s22p4 firmware
- canonical/schneider-electric evc1s22p4 firmware
- canonical/schneider electric evlink city evc1s7p4
- canonical/schneider-electric evlink city evc1s7p4 firmware
- canonical/schneider electric evw2
- canonical/schneider electric evf2
- canonical/schneider electric evp2pe firmware
- canonical/schneider-electric evp2pe firmware
- canonical/schneider electric evb1a
- canonical/schneider-electric evlink smart wallbox evb1a