CVE-2021-22822: XSS
First published: Fri Jan 28 2022(Updated: )
A CWE-79 Improper Neutralization of Input During Web Page Generation (?Cross-site Scripting?) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Evlink City Evc1s22p4 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s22p4 | ||
| Schneider-electric Evlink City Evc1s7p4 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s7p4 | ||
| Schneider-electric Evlink Parking Evw2 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Parking Evw2 | ||
| Schneider-electric Evlink Parking Evf2 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Parking Evf2 | ||
| Schneider-electric Evlink Parking Evp2pe Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Parking Evp2pe | ||
| Schneider-electric Evlink Smart Wallbox Evb1a Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Smart Wallbox Evb1a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2021-22822.
What is the severity level of CVE-2021-22822?
The severity level of CVE-2021-22822 is medium.
Which software versions are affected by CVE-2021-22822?
Schneider-electric Evlink City Evc1s22p4 Firmware up to version 3.4.0.2, Schneider-electric Evlink Parking Evw2 Firmware up to version 3.4.0.2, Schneider-electric Evlink Parking Evf2 Firmware up to version 3.4.0.2, Schneider-electric Evlink Parking Evp2pe Firmware up to version 3.4.0.2, and Schneider-electric Evlink Smart Wallbox Evb1a Firmware up to version 3.4.0.2 are affected by CVE-2021-22822.
What is the CWE classification of CVE-2021-22822?
CVE-2021-22822 is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation).
How can I fix the CVE-2021-22822 vulnerability?
To fix the CVE-2021-22822 vulnerability, it is recommended to update the affected Schneider-electric firmware versions to a version higher than 3.4.0.2.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/remedy
- agent/event
- agent/tags
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric evlink city evc1s22p4 firmware
- canonical/schneider-electric evlink city evc1s22p4
- canonical/schneider-electric evlink city evc1s7p4 firmware
- canonical/schneider-electric evlink city evc1s7p4
- canonical/schneider-electric evlink parking evw2 firmware
- canonical/schneider-electric evlink parking evw2
- canonical/schneider-electric evlink parking evf2 firmware
- canonical/schneider-electric evlink parking evf2
- canonical/schneider-electric evlink parking evp2pe firmware
- canonical/schneider-electric evlink parking evp2pe
- canonical/schneider-electric evlink smart wallbox evb1a firmware
- canonical/schneider-electric evlink smart wallbox evb1a