CVE-2021-22821: SSRF
First published: Fri Jan 28 2022(Updated: )
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Evlink City Evc1s22p4 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s22p4 | ||
| Schneider-electric Evlink City Evc1s7p4 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s7p4 | ||
| Schneider-electric Evlink Parking Evw2 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Parking Evw2 | ||
| Schneider-electric Evlink Parking Evf2 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Parking Evf2 | ||
| Schneider-electric Evlink Parking Evp2pe Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Parking Evp2pe | ||
| Schneider-electric Evlink Smart Wallbox Evb1a Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Smart Wallbox Evb1a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2021-22821.
What is the severity of CVE-2021-22821?
The severity of CVE-2021-22821 is high, with a severity value of 8.6.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-918.
Which products are affected by this vulnerability?
The affected products are EVlink City EVC1S22P4, EVlink City EVC1S7P4, EVlink Parking EVW2, EVlink Parking EVF2, EVlink Parking EVP2PE, and Evlink Smart Wallbox EVB1A.
How can I fix this vulnerability?
To fix this vulnerability, update the affected products to a version that is above 3.4.0.2.
- collector/nvd-index
- agent/author
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric evlink city evc1s22p4 firmware
- canonical/schneider-electric evlink city evc1s22p4
- canonical/schneider-electric evlink city evc1s7p4 firmware
- canonical/schneider-electric evlink city evc1s7p4
- canonical/schneider-electric evlink parking evw2 firmware
- canonical/schneider-electric evlink parking evw2
- canonical/schneider-electric evlink parking evf2 firmware
- canonical/schneider-electric evlink parking evf2
- canonical/schneider-electric evlink parking evp2pe firmware
- canonical/schneider-electric evlink parking evp2pe
- canonical/schneider-electric evlink smart wallbox evb1a firmware
- canonical/schneider-electric evlink smart wallbox evb1a