CVE-2021-22822: XSS
First published: Fri Jan 28 2022(Updated: )
A CWE-79 Improper Neutralization of Input During Web Page Generation (?Cross-site Scripting?) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Evc1s22p4 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s22p4 Firmware | ||
| Schneider Electric Evlink City EVC1S7P4 Firmware | <3.4.0.2 | |
| Schneider-electric Evlink City Evc1s7p4 Firmware | ||
| Schneider Electric Evlink Parking Evw2 | <3.4.0.2 | |
| Schneider Electric Evlink Parking Evw2 | ||
| Schneider Electric Evlink Parking | <3.4.0.2 | |
| Schneider Electric Evlink Parking Evf2 | ||
| Schneider Electric Evlink Parking EVp2pe Firmware | <3.4.0.2 | |
| Schneider-electric Evlink Parking Evp2pe Firmware | ||
| Schneider Electric Evlink Smart Wallbox EVB1A Firmware | <3.4.0.2 | |
| Schneider Electric Evlink Smart Wallbox EVB1A Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2021-22822.
What is the severity level of CVE-2021-22822?
The severity level of CVE-2021-22822 is medium.
Which software versions are affected by CVE-2021-22822?
Schneider-electric Evlink City Evc1s22p4 Firmware up to version 3.4.0.2, Schneider-electric Evlink Parking Evw2 Firmware up to version 3.4.0.2, Schneider-electric Evlink Parking Evf2 Firmware up to version 3.4.0.2, Schneider-electric Evlink Parking Evp2pe Firmware up to version 3.4.0.2, and Schneider-electric Evlink Smart Wallbox Evb1a Firmware up to version 3.4.0.2 are affected by CVE-2021-22822.
What is the CWE classification of CVE-2021-22822?
CVE-2021-22822 is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation).
How can I fix the CVE-2021-22822 vulnerability?
To fix the CVE-2021-22822 vulnerability, it is recommended to update the affected Schneider-electric firmware versions to a version higher than 3.4.0.2.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider-electric evc1s22p4 firmware
- canonical/schneider-electric evlink city evc1s22p4 firmware
- canonical/schneider electric evlink city evc1s7p4 firmware
- canonical/schneider-electric evlink city evc1s7p4 firmware
- canonical/schneider electric evlink parking evw2
- canonical/schneider electric evlink parking
- canonical/schneider electric evlink parking evf2
- canonical/schneider electric evlink parking evp2pe firmware
- canonical/schneider-electric evlink parking evp2pe firmware
- canonical/schneider electric evlink smart wallbox evb1a firmware