Lucene search

[email protected]NVD:CVE-2021-22727

HistoryJul 21, 2021 - 3:15 p.m.

CVE-2021-22727

2021-07-2115:15:14

CWE-331

[email protected]

web.nvd.nist.gov

cwe-331

evlink city

evlink parking

evlink smart wallbox

unauthorized access

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.7%

JSON

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web server

Affected configurations

Nvd

Node

schneider-electricevlink_city_evc1s22p4_firmwareRange<r8_v3.4.0.1

AND

schneider-electricevlink_city_evc1s22p4Match-

Node

schneider-electricevlink_city_evc1s7p4_firmwareRange<r8_v3.4.0.1

AND

schneider-electricevlink_city_evc1s7p4Match-

Node

schneider-electricevlink_parking_evw2_firmwareRange<r8_v3.4.0.1

AND

schneider-electricevlink_parking_evw2Match-

Node

schneider-electricevlink_parking_evf2_firmwareRange<r8_v3.4.0.1

AND

schneider-electricevlink_parking_evf2Match-

Node

schneider-electricevlink_parking_ev.2_firmwareRange<r8_v3.4.0.1

AND

schneider-electricevlink_parking_ev.2Match-

Node

schneider-electricevlink_smart_wallbox_evb1a_firmwareRange<r8_v3.4.0.1

AND

schneider-electricevlink_smart_wallbox_evb1aMatch-

VendorProductVersionCPE
schneider-electricevlink_city_evc1s22p4_firmware*cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*
schneider-electricevlink_city_evc1s22p4-cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:*
schneider-electricevlink_city_evc1s7p4_firmware*cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:*
schneider-electricevlink_city_evc1s7p4-cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:*
schneider-electricevlink_parking_evw2_firmware*cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:*
schneider-electricevlink_parking_evw2-cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:*
schneider-electricevlink_parking_evf2_firmware*cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:*
schneider-electricevlink_parking_evf2-cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:*
schneider-electricevlink_parking_ev.2_firmware*cpe:2.3:o:schneider-electric:evlink_parking_ev.2_firmware:*:*:*:*:*:*:*:*
schneider-electricevlink_parking_ev.2-cpe:2.3:h:schneider-electric:evlink_parking_ev.2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	evlink_city_evc1s22p4_firmware	*	cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware::::::::
schneider-electric	evlink_city_evc1s22p4	-	cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:::::::*
schneider-electric	evlink_city_evc1s7p4_firmware	*	cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware::::::::
schneider-electric	evlink_city_evc1s7p4	-	cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:::::::*
schneider-electric	evlink_parking_evw2_firmware	*	cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware::::::::
schneider-electric	evlink_parking_evw2	-	cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:::::::*
schneider-electric	evlink_parking_evf2_firmware	*	cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware::::::::
schneider-electric	evlink_parking_evf2	-	cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:::::::*
schneider-electric	evlink_parking_ev.2_firmware	*	cpe:2.3:o:schneider-electric:evlink_parking_ev.2_firmware::::::::
schneider-electric	evlink_parking_ev.2	-	cpe:2.3:h:schneider-electric:evlink_parking_ev.2:-:::::::*

Rows per page:

1-10 of 121

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.7%

JSON

Related for NVD:CVE-2021-22727

prion1 cnvd1 cvelist1 cve1