What is the vulnerability ID?

The vulnerability ID is CVE-2021-22729.

What is the severity of CVE-2021-22729?

CVE-2021-22729 has a severity level of 9.8 (Critical).

Which software versions are affected by CVE-2021-22729?

EVlink City (EVC1S22P4 / EVC1S7P4) versions prior to R8 V3.4.0.1, EVlink Parking (EVW2 / EVF2 / EV.2) versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox (EVB1A) versions prior to R8 V3.4.0.1 are affected.

How can an attacker exploit CVE-2021-22729?

An attacker can exploit CVE-2021-22729 by leveraging the use of hard-coded passwords in Schneider-electric EVlink City, EVlink Parking, and EVlink Smart Wallbox devices.

Is there a fix available for CVE-2021-22729?

Yes, upgrading to EVlink City (EVC1S22P4 / EVC1S7P4 / EVW2 / EVF2 / EV.2) R8 V3.4.0.1 or later, or EVlink Smart Wallbox (EVB1A) R8 V3.4.0.1 or later, will fix the vulnerability.

Vulnerability/
CVE-2021-22729

critical

CWE

259

21/7/2021

3/8/2024

CVE-2021-22729

First published: Wed Jul 21 2021(Updated: )

A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized administrative privileges when accessing to the charging station web server.

Credit: cybersecurity@se.com

Affected Software	Affected Version	How to fix
Schneider-electric Evlink City Evc1s22p4 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink City Evc1s22p4
Schneider-electric Evlink City Evc1s7p4 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink City Evc1s7p4
Schneider-electric Evlink Parking Evw2 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink Parking Evw2
Schneider-electric Evlink Parking Evf2 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink Parking Evf2
Schneider-electric Evlink Parking Ev.2 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink Parking Ev.2
Schneider-electric Evlink Smart Wallbox Evb1a Firmware	<r8_v3.4.0.1
Schneider-electric Evlink Smart Wallbox Evb1a

Never miss a vulnerability like this again

Reference Links

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2021-22729.
What is the severity of CVE-2021-22729?
CVE-2021-22729 has a severity level of 9.8 (Critical).
Which software versions are affected by CVE-2021-22729?
EVlink City (EVC1S22P4 / EVC1S7P4) versions prior to R8 V3.4.0.1, EVlink Parking (EVW2 / EVF2 / EV.2) versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox (EVB1A) versions prior to R8 V3.4.0.1 are affected.
How can an attacker exploit CVE-2021-22729?
An attacker can exploit CVE-2021-22729 by leveraging the use of hard-coded passwords in Schneider-electric EVlink City, EVlink Parking, and EVlink Smart Wallbox devices.
Is there a fix available for CVE-2021-22729?
Yes, upgrading to EVlink City (EVC1S22P4 / EVC1S7P4 / EVW2 / EVF2 / EV.2) R8 V3.4.0.1 or later, or EVlink Smart Wallbox (EVB1A) R8 V3.4.0.1 or later, will fix the vulnerability.

collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/type
agent/tags
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/schneider-electric
canonical/schneider-electric evlink city evc1s22p4 firmware
canonical/schneider-electric evlink city evc1s22p4
canonical/schneider-electric evlink city evc1s7p4 firmware
canonical/schneider-electric evlink city evc1s7p4
canonical/schneider-electric evlink parking evw2 firmware
canonical/schneider-electric evlink parking evw2
canonical/schneider-electric evlink parking evf2 firmware
canonical/schneider-electric evlink parking evf2
canonical/schneider-electric evlink parking ev.2 firmware
canonical/schneider-electric evlink parking ev.2
canonical/schneider-electric evlink smart wallbox evb1a firmware
canonical/schneider-electric evlink smart wallbox evb1a