PT-2021-3727 · Schneider Electric · Evlink Parking+2
Published
2021-07-13
·
Updated
2021-07-28
·
CVE-2021-22708
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
EVlink City versions prior to R8 V3.4.0.1
EVlink Parking versions prior to R8 V3.4.0.1
EVlink Smart Wallbox versions prior to R8 V3.4.0.1
Description
A vulnerability exists due to improper verification of cryptographic signatures, which could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism. This issue is related to errors in checking cryptographic signatures, potentially enabling a remote attacker to create a harmful package and evade the signature verification process.
Recommendations
For EVlink City versions prior to R8 V3.4.0.1, update to version R8 V3.4.0.1 or later to resolve the issue.
For EVlink Parking versions prior to R8 V3.4.0.1, update to version R8 V3.4.0.1 or later to resolve the issue.
For EVlink Smart Wallbox versions prior to R8 V3.4.0.1, update to version R8 V3.4.0.1 or later to resolve the issue.
Fix
Improper Verification of Cryptographic Signature
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evlink City
Evlink Parking
Evlink Smart Wallbox