CVE-2021-22821: SSRF
First published: Fri Jan 28 2022(Updated: )
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Evc1s22p4 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s22p4 Firmware | ||
| Schneider Electric Evlink City EVC1S7P4 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s7p4 Firmware | ||
| Schneider Electric Evlink Parking Evw2 | <3.4.0.2 | |
| Schneider Electric Evlink Parking Evw2 | ||
| Schneider Electric Evlink Parking | <3.4.0.2 | |
| Schneider Electric Evlink Parking Evf2 | ||
| Schneider Electric Evlink Parking EVp2pe Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Parking Evp2pe Firmware | ||
| Schneider Electric Evlink Smart Wallbox EVB1A Firmware | <3.4.0.2 | |
| Schneider Electric Evlink Smart Wallbox EVB1A Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2021-22821.
What is the severity of CVE-2021-22821?
The severity of CVE-2021-22821 is high, with a severity value of 8.6.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-918.
Which products are affected by this vulnerability?
The affected products are EVlink City EVC1S22P4, EVlink City EVC1S7P4, EVlink Parking EVW2, EVlink Parking EVF2, EVlink Parking EVP2PE, and Evlink Smart Wallbox EVB1A.
How can I fix this vulnerability?
To fix this vulnerability, update the affected products to a version that is above 3.4.0.2.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider-electric evc1s22p4 firmware
- canonical/schneider-electric evlink city evc1s22p4 firmware
- canonical/schneider electric evlink city evc1s7p4 firmware
- canonical/schneider-electric evlink city evc1s7p4 firmware
- canonical/schneider electric evlink parking evw2
- canonical/schneider electric evlink parking
- canonical/schneider electric evlink parking evf2
- canonical/schneider electric evlink parking evp2pe firmware
- canonical/schneider-electric evlink parking evp2pe firmware
- canonical/schneider electric evlink smart wallbox evb1a firmware