First published: Fri Jan 28 2022(Updated: )
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Evc1s22p4 Firmware | <3.4.0.2 | |
Schneider-electric Evlink City Evc1s22p4 Firmware | ||
Schneider Electric Evlink City EVC1S7P4 Firmware | <3.4.0.2 | |
Schneider-electric Evlink City Evc1s7p4 Firmware | ||
Schneider Electric Evlink Parking Evw2 | <3.4.0.2 | |
Schneider Electric Evlink Parking Evw2 | ||
Schneider Electric Evlink Parking | <3.4.0.2 | |
Schneider Electric Evlink Parking Evf2 | ||
Schneider Electric Evlink Parking EVp2pe Firmware | <3.4.0.2 | |
Schneider-electric Evlink Parking Evp2pe Firmware | ||
Schneider Electric Evlink Smart Wallbox EVB1A Firmware | <3.4.0.2 | |
Schneider Electric Evlink Smart Wallbox EVB1A Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this security issue is CVE-2021-22821.
The severity of CVE-2021-22821 is high, with a severity value of 8.6.
The CWE ID for this vulnerability is CWE-918.
The affected products are EVlink City EVC1S22P4, EVlink City EVC1S7P4, EVlink Parking EVW2, EVlink Parking EVF2, EVlink Parking EVP2PE, and Evlink Smart Wallbox EVB1A.
To fix this vulnerability, update the affected products to a version that is above 3.4.0.2.