PT-2021-7773 · Schneider Electric · Evlink Parking+2
Published
2021-07-13
·
Updated
2021-07-28
·
CVE-2021-22729
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
EVlink City versions prior to R8 V3.4.0.1
EVlink Parking versions prior to R8 V3.4.0.1
EVlink Smart Wallbox versions prior to R8 V3.4.0.1
Description
A hard-coded password issue exists that could allow an attacker to gain unauthorized administrative privileges when accessing the charging station web server. This could be exploited by a remote attacker to obtain administrative access.
Recommendations
For EVlink City versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
For EVlink Parking versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
For EVlink Smart Wallbox versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evlink City
Evlink Parking
Evlink Smart Wallbox