223 matches found
CVE-2021-22725
A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...
CVE-2021-22725
A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...
Session fixation
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4...
Authentication flaw
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All versions prior to R8...
Server side request forgery (ssrf)
A CWE-918 Server-Side Request Forgery SSRF vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...
Cross site scripting
A CWE-79 Improper Neutralization of Input During Web Page Generation ?Cross-site Scripting? vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the chargi...
Input validation
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...
Cross site request forgery (csrf)
A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...
CVE-2021-22822
CVE-2021-22822 affects Schneider Electric EVlink family (City EVC1S22P4 / EVC1S7P4, Parking EVW2/EVF2/EVP2PE, Smart Wallbox EVB1A) with all versions prior to R8 V3.4.0.2. It is a CWE-79 Cross-site Scripting issue arising from improper neutralization of input during web page generation, enabling a...
CVE-2021-22821
CVE-2021-22821 describes a CWE-918 Server-Side Request Forgery (SSRF) in Schneider Electric EVlink charging solutions. The vulnerability affects EVlink City EVC1S22P4 / EVC1S7P4, EVlink Parking EVW2 / EVF2 / EVP2PE, and EVlink Smart Wallbox EVB1A, with all versions prior to R8 V3.4.0.2. The root ...
CVE-2021-22820
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4...
CVE-2021-22820
CVE-2021-22820 describes a CWE-614Insufficient Session Expiration vulnerability in Schneider Electric EVlink products. Affected are EVlink City (EVC1S22P4/EVC1S7P4), EVlink Parking (EVW2/EVF2/EVP2PE), and EVlink Smart Wallbox (EVB1A), with all versions prior to R8 V3.4.0.2. The issue allows an at...
CVE-2021-22819
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...
CVE-2021-22818
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All versions prior to R8...
CVE-2021-22818
The vulnerability CVE-2021-22818 affects Schneider Electric EVlink charging solutions: EVlink City EVC1S22P4/EVC1S7P4, EVlink Parking EVW2/EVF2/EVP2PE, and EVlink Smart Wallbox EVB1A, all versions prior to R8 V3.4.0.2. Root cause: CWE-307 Improper Restriction of Excessive Authentication Attempts,...
CVE-2021-22819
The CVE-2021-22819 entry describes a CWE-1021 vulnerability in Schneider Electric EVlink products where UI rendered in iframes can lead to unintended modification of product settings or user accounts when a user is deceived into interacting with the embedded interface. Affected are EVlink City (E...
CVE-2021-22725
CVE-2021-22725 describes a Cross-Site Request Forgery (CSRF) affecting Schneider Electric EVlink charging products. The issue allows an attacker to impersonate an authenticated user and perform actions on the charging station web server by submitting crafted POST parameters. Affected products and...
CVE-2021-22724
Schneider Electric EVlink CSRF vulnerability (CVE-2021-22724) affects EVlink City EVC1S22P4/EVC1S7P4, EVlink Parking EVW2/EVF2/EVP2PE, and EVlink Smart Wallbox EVB1A, all versions prior to R8 V3.4.0.2. A Cross-Site Request Forgery exists in the charging-station web server that can allow an attack...
CVE-2021-22724
A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...
多款Schneider Electric产品跨站请求伪造漏洞
Schneider Electric EVlink City, among others, is a charging solution for electric vehicle charging stations from Schneider Electric, a French company. A cross-site request forgery vulnerability exists in several Schneider Electric products, which can be exploited by an attacker to impersonate a...