Lucene search
K

223 matches found

NVD
NVD
added 2022/01/28 8:15 p.m.22 views

CVE-2021-22725

A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...

8.8CVSS0.00468EPSS
Exploits0References1
OSV
OSV
added 2022/01/28 8:15 p.m.2 views

CVE-2021-22725

A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...

8.8CVSS5.8AI score0.00468EPSS
Exploits0References1
Prion
Prion
added 2022/01/28 8:15 p.m.19 views

Session fixation

A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4...

7.5CVSS9.1AI score0.01084EPSS
Exploits0References1Affected Software6
Prion
Prion
added 2022/01/28 8:15 p.m.26 views

Authentication flaw

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All versions prior to R8...

5CVSS7.6AI score0.01005EPSS
Exploits0References1Affected Software6
Prion
Prion
added 2022/01/28 8:15 p.m.21 views

Server side request forgery (ssrf)

A CWE-918 Server-Side Request Forgery SSRF vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...

5CVSS8.4AI score0.00823EPSS
Exploits0References1Affected Software6
Prion
Prion
added 2022/01/28 8:15 p.m.15 views

Cross site scripting

A CWE-79 Improper Neutralization of Input During Web Page Generation ?Cross-site Scripting? vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the chargi...

4.3CVSS6.2AI score0.00562EPSS
Exploits0References1Affected Software6
Prion
Prion
added 2022/01/28 8:15 p.m.18 views

Input validation

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...

4.3CVSS4.7AI score0.00651EPSS
Exploits0References1Affected Software6
Prion
Prion
added 2022/01/28 8:15 p.m.13 views

Cross site request forgery (csrf)

A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...

6.8CVSS8.6AI score0.00468EPSS
Exploits0References1Affected Software6
CVE
CVE
added 2022/01/28 7:9 p.m.64 views

CVE-2021-22822

CVE-2021-22822 affects Schneider Electric EVlink family (City EVC1S22P4 / EVC1S7P4, Parking EVW2/EVF2/EVP2PE, Smart Wallbox EVB1A) with all versions prior to R8 V3.4.0.2. It is a CWE-79 Cross-site Scripting issue arising from improper neutralization of input during web page generation, enabling a...

6.1CVSS6.2AI score0.00562EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/01/28 7:9 p.m.63 views

CVE-2021-22821

CVE-2021-22821 describes a CWE-918 Server-Side Request Forgery (SSRF) in Schneider Electric EVlink charging solutions. The vulnerability affects EVlink City EVC1S22P4 / EVC1S7P4, EVlink Parking EVW2 / EVF2 / EVP2PE, and EVlink Smart Wallbox EVB1A, with all versions prior to R8 V3.4.0.2. The root ...

8.6CVSS8.4AI score0.00823EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/28 7:9 p.m.35 views

CVE-2021-22820

A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4...

9.4AI score0.01084EPSS
Exploits0References1
CVE
CVE
added 2022/01/28 7:9 p.m.59 views

CVE-2021-22820

CVE-2021-22820 describes a CWE-614Insufficient Session Expiration vulnerability in Schneider Electric EVlink products. Affected are EVlink City (EVC1S22P4/EVC1S7P4), EVlink Parking (EVW2/EVF2/EVP2PE), and EVlink Smart Wallbox (EVB1A), with all versions prior to R8 V3.4.0.2. The issue allows an at...

9.8CVSS9.1AI score0.01084EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/28 7:9 p.m.24 views

CVE-2021-22819

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...

5AI score0.00651EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/28 7:9 p.m.27 views

CVE-2021-22818

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All versions prior to R8...

7.9AI score0.01005EPSS
Exploits0References1
CVE
CVE
added 2022/01/28 7:9 p.m.55 views

CVE-2021-22818

The vulnerability CVE-2021-22818 affects Schneider Electric EVlink charging solutions: EVlink City EVC1S22P4/EVC1S7P4, EVlink Parking EVW2/EVF2/EVP2PE, and EVlink Smart Wallbox EVB1A, all versions prior to R8 V3.4.0.2. Root cause: CWE-307 Improper Restriction of Excessive Authentication Attempts,...

7.5CVSS7.6AI score0.01005EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/01/28 7:9 p.m.54 views

CVE-2021-22819

The CVE-2021-22819 entry describes a CWE-1021 vulnerability in Schneider Electric EVlink products where UI rendered in iframes can lead to unintended modification of product settings or user accounts when a user is deceived into interacting with the embedded interface. Affected are EVlink City (E...

4.3CVSS4.6AI score0.00651EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/01/28 7:9 p.m.55 views

CVE-2021-22725

CVE-2021-22725 describes a Cross-Site Request Forgery (CSRF) affecting Schneider Electric EVlink charging products. The issue allows an attacker to impersonate an authenticated user and perform actions on the charging station web server by submitting crafted POST parameters. Affected products and...

8.8CVSS8.6AI score0.00468EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/01/28 7:9 p.m.57 views

CVE-2021-22724

Schneider Electric EVlink CSRF vulnerability (CVE-2021-22724) affects EVlink City EVC1S22P4/EVC1S7P4, EVlink Parking EVW2/EVF2/EVP2PE, and EVlink Smart Wallbox EVB1A, all versions prior to R8 V3.4.0.2. A Cross-Site Request Forgery exists in the charging-station web server that can allow an attack...

8.8CVSS8.6AI score0.00468EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/28 7:9 p.m.27 views

CVE-2021-22724

A CVE-352 Cross-Site Request Forgery CSRF vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...

8.9AI score0.00468EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/28 12:0 a.m.5 views

多款Schneider Electric产品跨站请求伪造漏洞

Schneider Electric EVlink City, among others, is a charging solution for electric vehicle charging stations from Schneider Electric, a French company. A cross-site request forgery vulnerability exists in several Schneider Electric products, which can be exploited by an attacker to impersonate a...

8.8CVSS7.7AI score0.00468EPSS
Exploits0References2
Rows per page
Query Builder