What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2021-22774.

What is the severity of CVE-2021-22774?

The severity of CVE-2021-22774 is high with a CVSS score of 7.5.

Which products are affected by CVE-2021-22774?

CVE-2021-22774 affects EVlink City (EVC1S22P4), EVlink Parking (EVW2 / EVF2 / EV.2), and EVlink Smart Wallbox (EVB1A) prior to firmware version R8 V3.4.0.1.

What is the CWE ID for this vulnerability?

The CWE ID for this vulnerability is CWE-759.

How can I fix CVE-2021-22774?

To fix CVE-2021-22774, update the firmware of EVlink City (EVC1S22P4), EVlink Parking (EVW2 / EVF2 / EV.2), and EVlink Smart Wallbox (EVB1A) to version R8 V3.4.0.1 or later.

Vulnerability/
CVE-2021-22774

high

7.5

CWE

916

21/7/2021

3/8/2024

CVE-2021-22774

First published: Wed Jul 21 2021(Updated: )

A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques.

Credit: cybersecurity@se.com

Affected Software	Affected Version	How to fix
Schneider-electric Evlink City Evc1s22p4 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink City Evc1s22p4
Schneider-electric Evlink City Evc1s7p4 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink City Evc1s7p4
Schneider-electric Evlink Parking Evw2 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink Parking Evw2
Schneider-electric Evlink Parking Evf2 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink Parking Evf2
Schneider-electric Evlink Parking Ev.2 Firmware	<r8_v3.4.0.1
Schneider-electric Evlink Parking Ev.2
Schneider-electric Evlink Smart Wallbox Evb1a Firmware	<r8_v3.4.0.1
Schneider-electric Evlink Smart Wallbox Evb1a

Never miss a vulnerability like this again

Reference Links

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-22774.
What is the severity of CVE-2021-22774?
The severity of CVE-2021-22774 is high with a CVSS score of 7.5.
Which products are affected by CVE-2021-22774?
CVE-2021-22774 affects EVlink City (EVC1S22P4), EVlink Parking (EVW2 / EVF2 / EV.2), and EVlink Smart Wallbox (EVB1A) prior to firmware version R8 V3.4.0.1.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-759.
How can I fix CVE-2021-22774?
To fix CVE-2021-22774, update the firmware of EVlink City (EVC1S22P4), EVlink Parking (EVW2 / EVF2 / EV.2), and EVlink Smart Wallbox (EVB1A) to version R8 V3.4.0.1 or later.

collector/nvd-index
agent/severity
agent/weakness
agent/references
agent/author
agent/event
agent/tags
agent/type
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/schneider-electric
canonical/schneider-electric evlink city evc1s22p4 firmware
canonical/schneider-electric evlink city evc1s22p4
canonical/schneider-electric evlink city evc1s7p4 firmware
canonical/schneider-electric evlink city evc1s7p4
canonical/schneider-electric evlink parking evw2 firmware
canonical/schneider-electric evlink parking evw2
canonical/schneider-electric evlink parking evf2 firmware
canonical/schneider-electric evlink parking evf2
canonical/schneider-electric evlink parking ev.2 firmware
canonical/schneider-electric evlink parking ev.2
canonical/schneider-electric evlink smart wallbox evb1a firmware
canonical/schneider-electric evlink smart wallbox evb1a