Cross site scripting

2021-07-2115:15:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.0%

JSON

A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server.

CPENameOperatorVersion
evlink_city_evc1s22p4_firmwareeq< r8-v3.4.0.1
evlink_city_evc1s7p4_firmwareeq< r8-v3.4.0.1
evlink_parking_ev.2_firmwareeq< r8-v3.4.0.1
evlink_parking_evf2_firmwareeq< r8-v3.4.0.1
evlink_parking_evw2_firmwareeq< r8-v3.4.0.1
evlink_smart_wallbox_evb1a_firmwareeq< r8-v3.4.0.1

Name	Operator	Version
evlink_city_evc1s22p4_firmware	eq	< r8-v3.4.0.1
evlink_city_evc1s7p4_firmware	eq	< r8-v3.4.0.1
evlink_parking_ev.2_firmware	eq	< r8-v3.4.0.1
evlink_parking_evf2_firmware	eq	< r8-v3.4.0.1
evlink_parking_evw2_firmware	eq	< r8-v3.4.0.1
evlink_smart_wallbox_evb1a_firmware	eq	< r8-v3.4.0.1

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06