CVE-2021-22773

A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker connected to the charging station web server to modify the password of a user.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:evlink_parking_ev.2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:evlink_parking_ev.2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-07-21 15:15

Updated : 2021-07-28 14:37

NVD link : CVE-2021-22773

Mitre link : CVE-2021-22773

CVE.ORG link : CVE-2021-22773

JSON object : View

Products Affected

schneider-electric

evlink_city_evc1s22p4_firmware
evlink_smart_wallbox_evb1a
evlink_parking_evf2
evlink_city_evc1s22p4
evlink_parking_evw2_firmware
evlink_parking_evf2_firmware
evlink_parking_ev.2_firmware
evlink_smart_wallbox_evb1a_firmware
evlink_parking_ev.2
evlink_parking_evw2
evlink_city_evc1s7p4
evlink_city_evc1s7p4_firmware

CWE

CWE-620

Unverified Password Change

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-22773

6.5^/10

4.0^/10

Attach tags to `CVE-2021-22773`