PT-2022-9288 · Schneider Electric · Evlink Parking Evf2+4
Published
2022-01-28
·
Updated
2022-02-03
·
CVE-2021-22818
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
EVlink City EVC1S22P4 / EVC1S7P4 versions prior to R8 V3.4.0.2
EVlink Parking EVW2 / EVF2 / EVP2PE versions prior to R8 V3.4.0.2
EVlink Smart Wallbox EVB1A versions prior to R8 V3.4.0.2
Description
A vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. This issue is related to improper restriction of excessive authentication attempts.
Recommendations
For EVlink City EVC1S22P4 / EVC1S7P4 versions prior to R8 V3.4.0.2, update to version R8 V3.4.0.2 or later.
For EVlink Parking EVW2 / EVF2 / EVP2PE versions prior to R8 V3.4.0.2, update to version R8 V3.4.0.2 or later.
For EVlink Smart Wallbox EVB1A versions prior to R8 V3.4.0.2, update to version R8 V3.4.0.2 or later.
Fix
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evlink City Evc1S22P4
Evlink City Evc1S7P4
Evlink Parking Evf2
Evlink Parking Evp2Pe
Evlink Smart Wallbox Evb1A