PT-2021-7733 · Schneider Electric · Evlink Parking+2
Published
2021-07-13
·
Updated
2021-07-28
·
CVE-2021-22723
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
EVlink City versions prior to R8 V3.4.0.1
EVlink Parking versions prior to R8 V3.4.0.1
EVlink Smart Wallbox versions prior to R8 V3.4.0.1
Description
A Cross-site Scripting (XSS) vulnerability exists due to improper neutralization of input during web page generation, which can be exploited through Cross-Site Request Forgery (CSRF). This issue could allow an attacker to impersonate the user managing the charging station or carry out actions on their behalf by submitting crafted malicious parameters to the charging station web server.
Recommendations
For EVlink City versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
For EVlink Parking versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
For EVlink Smart Wallbox versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evlink City
Evlink Parking
Evlink Smart Wallbox