PT-2021-7771 · Schneider Electric · Evlink Parking+2
Published
2021-07-13
·
Updated
2021-07-28
·
CVE-2021-22726
CVSS v2.0
8.5
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
EVlink City versions prior to R8 V3.4.0.1
EVlink Parking versions prior to R8 V3.4.0.1
EVlink Smart Wallbox versions prior to R8 V3.4.0.1
Description
A Server-Side Request Forgery (SSRF) issue exists that could allow an attacker to perform unintended actions or access data when crafted malicious parameters are submitted to the charging station web server. This could enable a remote attacker to execute unauthorized actions or gain access to protected information.
Recommendations
For EVlink City versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
For EVlink Parking versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
For EVlink Smart Wallbox versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the charging station web server to minimize the risk of exploitation.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evlink City
Evlink Parking
Evlink Smart Wallbox