What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2021-22727.

What is the severity level of CVE-2021-22727?

The severity level of CVE-2021-22727 is critical, with a score of 9.8.

Which software versions are affected by CVE-2021-22727?

The EVlink City (EVC1S22P4 / EVC1S7P4) firmware versions prior to R8 V3.4.0.1, EVlink Parking (EVW2 / EVF2 / EV.2) versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox (EVB1A) versions prior to R8 V3.4.0.1 are affected by CVE-2021-22727.

How can an attacker exploit CVE-2021-22727?

An attacker can exploit CVE-2021-22727 by leveraging the insufficient entropy vulnerability to gain unauthorized access.

Where can I find more information about CVE-2021-22727?

You can find more information about CVE-2021-22727 at the following reference: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

Vulnerability/
CVE-2021-22727

critical

9.8

CWE

331

21/7/2021

3/8/2024

CVE-2021-22727

First published: Wed Jul 21 2021(Updated: )

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web server

Credit: cybersecurity@se.com

Affected Software	Affected Version	How to fix
Schneider-electric Evlink City Evc1s22p4 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink City Evc1s22p4
Schneider-electric Evlink City Evc1s7p4 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink City Evc1s7p4
Schneider-electric Evlink Parking Evw2 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink Parking Evw2
Schneider-electric Evlink Parking Evf2 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink Parking Evf2
Schneider-electric Evlink Parking Ev.2 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink Parking Ev.2
Schneider-electric Evlink Smart Wallbox Evb1a Firmware	<r8_v3.4.0.1
Schneider-electric Evlink Smart Wallbox Evb1a

Never miss a vulnerability like this again

Reference Links

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-22727.
What is the severity level of CVE-2021-22727?
The severity level of CVE-2021-22727 is critical, with a score of 9.8.
Which software versions are affected by CVE-2021-22727?
The EVlink City (EVC1S22P4 / EVC1S7P4) firmware versions prior to R8 V3.4.0.1, EVlink Parking (EVW2 / EVF2 / EV.2) versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox (EVB1A) versions prior to R8 V3.4.0.1 are affected by CVE-2021-22727.
How can an attacker exploit CVE-2021-22727?
An attacker can exploit CVE-2021-22727 by leveraging the insufficient entropy vulnerability to gain unauthorized access.
Where can I find more information about CVE-2021-22727?
You can find more information about CVE-2021-22727 at the following reference: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

collector/nvd-index
agent/weakness
agent/tags
agent/severity
agent/references
agent/author
agent/type
agent/event
agent/description
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/mitre-cve
source/MITRE
vendor/schneider-electric
canonical/schneider-electric evlink city evc1s22p4 firmware
canonical/schneider-electric evlink city evc1s22p4
canonical/schneider-electric evlink city evc1s7p4 firmware
canonical/schneider-electric evlink city evc1s7p4
canonical/schneider-electric evlink parking evw2 firmware
canonical/schneider-electric evlink parking evw2
canonical/schneider-electric evlink parking evf2 firmware
canonical/schneider-electric evlink parking evf2
canonical/schneider-electric evlink parking ev.2 firmware
canonical/schneider-electric evlink parking ev.2
canonical/schneider-electric evlink smart wallbox evb1a firmware
canonical/schneider-electric evlink smart wallbox evb1a