CVE-2021-22818
First published: Fri Jan 28 2022(Updated: )
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Evc1s22p4 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s22p4 Firmware | ||
| Schneider Electric Evlink City EVC1S7P4 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s7p4 Firmware | ||
| Schneider Electric Evlink Parking Evw2 | <3.4.0.2 | |
| Schneider Electric Evlink Parking Evw2 | ||
| Schneider Electric Evlink Parking | <3.4.0.2 | |
| Schneider Electric Evlink Parking Evf2 | ||
| Schneider Electric Evlink Parking EVp2pe Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Parking Evp2pe Firmware | ||
| Schneider Electric Evlink Smart Wallbox EVB1A Firmware | <3.4.0.2 | |
| Schneider Electric Evlink Smart Wallbox EVB1A Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-22818?
CVE-2021-22818 is a vulnerability that allows an attacker to gain unauthorized access to the charging station web interface.
Which products are affected by CVE-2021-22818?
EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3) and other related firmware versions are affected.
What is the severity of CVE-2021-22818?
CVE-2021-22818 has a severity rating of 7.5 (high).
How can an attacker exploit CVE-2021-22818?
An attacker can exploit CVE-2021-22818 by performing brute force attacks on the charging station web interface.
Is there a fix available for CVE-2021-22818?
Yes, upgrading to version R8 V3 or later for EVlink City EVC1S22P4 / EVC1S7P4 firmware will fix the vulnerability.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider-electric evc1s22p4 firmware
- canonical/schneider-electric evlink city evc1s22p4 firmware
- canonical/schneider electric evlink city evc1s7p4 firmware
- canonical/schneider-electric evlink city evc1s7p4 firmware
- canonical/schneider electric evlink parking evw2
- canonical/schneider electric evlink parking
- canonical/schneider electric evlink parking evf2
- canonical/schneider electric evlink parking evp2pe firmware
- canonical/schneider-electric evlink parking evp2pe firmware
- canonical/schneider electric evlink smart wallbox evb1a firmware