PT-2021-7782 · Schneider Electric · Evlink Parking+2
Viperbluff
·
Published
2021-12-14
·
Updated
2022-09-28
·
CVE-2021-22725
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
EVlink City versions prior to R8 V3.4.0.2
EVlink Parking versions prior to R8 V3.4.0.2
EVlink Smart Wallbox versions prior to R8 V3.4.0.2
Description
The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability can be exploited by a remote attacker to impersonate a user managing the charging station. The exploitation occurs when crafted malicious parameters are submitted in POST requests to the charging station web server.
Recommendations
For EVlink City versions prior to R8 V3.4.0.2, update to version R8 V3.4.0.2 or later.
For EVlink Parking versions prior to R8 V3.4.0.2, update to version R8 V3.4.0.2 or later.
For EVlink Smart Wallbox versions prior to R8 V3.4.0.2, update to version R8 V3.4.0.2 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evlink City
Evlink Parking
Evlink Smart Wallbox