PT-2022-9289 · Schneider Electric · Evlink Parking Evf2+4
Published
2022-01-28
·
Updated
2022-02-03
·
CVE-2021-22819
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
EVlink City EVC1S22P4 / EVC1S7P4 versions prior to R8 V3.4.0.2
EVlink Parking EVW2 / EVF2 / EVP2PE versions prior to R8 V3.4.0.2
EVlink Smart Wallbox EVB1A versions prior to R8 V3.4.0.2
Description
A vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. This issue arises due to improper restriction of rendered UI layers or frames.
Recommendations
For EVlink City EVC1S22P4 / EVC1S7P4 versions prior to R8 V3.4.0.2, update to R8 V3.4.0.2 or later.
For EVlink Parking EVW2 / EVF2 / EVP2PE versions prior to R8 V3.4.0.2, update to R8 V3.4.0.2 or later.
For EVlink Smart Wallbox EVB1A versions prior to R8 V3.4.0.2, update to R8 V3.4.0.2 or later.
Fix
Clickjacking
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evlink City Evc1S22P4
Evlink City Evc1S7P4
Evlink Parking Evf2
Evlink Parking Evp2Pe
Evlink Smart Wallbox Evb1A