PT-2022-9275 · Schneider Electric · Evlink Parking Evf2+4
Published
2022-01-28
·
Updated
2022-09-28
·
CVE-2021-22724
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
EVlink City EVC1S22P4 / EVC1S7P4 versions prior to R8 V3.4.0.2
EVlink Parking EVW2 / EVF2 / EVP2PE versions prior to R8 V3.4.0.2
EVlink Smart Wallbox EVB1A versions prior to R8 V3.4.0.2
Description
A Cross-Site Request Forgery (CSRF) issue exists, allowing an attacker to impersonate a user or perform actions on their behalf by submitting crafted malicious parameters in POST requests to the charging station web server.
Recommendations
For EVlink City EVC1S22P4 / EVC1S7P4 versions prior to R8 V3.4.0.2, update to R8 V3.4.0.2 or later.
For EVlink Parking EVW2 / EVF2 / EVP2PE versions prior to R8 V3.4.0.2, update to R8 V3.4.0.2 or later.
For EVlink Smart Wallbox EVB1A versions prior to R8 V3.4.0.2, update to R8 V3.4.0.2 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evlink City Evc1S22P4
Evlink City Evc1S7P4
Evlink Parking Evf2
Evlink Parking Evp2Pe
Evlink Smart Wallbox Evb1A