PT-2021-7774 · Schneider Electric · Evlink Parking+2

Published

2021-07-13

Updated

2021-07-28

CVE-2021-22730

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EVlink City versions prior to R8 V3.4.0.1 EVlink Parking versions prior to R8 V3.4.0.1 EVlink Smart Wallbox versions prior to R8 V3.4.0.1

Description A Use of Hard-coded Credentials issue exists, allowing a remote attacker to gain unauthorized administrative privileges when accessing the charging station web server.

Recommendations For EVlink City versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later. For EVlink Parking versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later. For EVlink Smart Wallbox versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

BDU:2023-02714

CVE-2021-22730

Affected Products

Evlink City

Evlink Parking

Evlink Smart Wallbox

PT-2021-7774 · Schneider Electric · Evlink Parking+2

CVE-2021-22730

Weakness Enumeration

Related Identifiers

Affected Products

References · 9