CVE-2021-22818
First published: Fri Jan 28 2022(Updated: )
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Evlink City Evc1s22p4 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s22p4 | ||
| Schneider-electric Evlink City Evc1s7p4 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s7p4 | ||
| Schneider-electric Evlink Parking Evw2 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Parking Evw2 | ||
| Schneider-electric Evlink Parking Evf2 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Parking Evf2 | ||
| Schneider-electric Evlink Parking Evp2pe Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Parking Evp2pe | ||
| Schneider-electric Evlink Smart Wallbox Evb1a Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Smart Wallbox Evb1a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-22818?
CVE-2021-22818 is a vulnerability that allows an attacker to gain unauthorized access to the charging station web interface.
Which products are affected by CVE-2021-22818?
EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3) and other related firmware versions are affected.
What is the severity of CVE-2021-22818?
CVE-2021-22818 has a severity rating of 7.5 (high).
How can an attacker exploit CVE-2021-22818?
An attacker can exploit CVE-2021-22818 by performing brute force attacks on the charging station web interface.
Is there a fix available for CVE-2021-22818?
Yes, upgrading to version R8 V3 or later for EVlink City EVC1S22P4 / EVC1S7P4 firmware will fix the vulnerability.
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- vendor/schneider-electric
- canonical/schneider-electric evlink city evc1s22p4 firmware
- canonical/schneider-electric evlink city evc1s22p4
- canonical/schneider-electric evlink city evc1s7p4 firmware
- canonical/schneider-electric evlink city evc1s7p4
- canonical/schneider-electric evlink parking evw2 firmware
- canonical/schneider-electric evlink parking evw2
- canonical/schneider-electric evlink parking evf2 firmware
- canonical/schneider-electric evlink parking evf2
- canonical/schneider-electric evlink parking evp2pe firmware
- canonical/schneider-electric evlink parking evp2pe
- canonical/schneider-electric evlink smart wallbox evb1a firmware
- canonical/schneider-electric evlink smart wallbox evb1a