EVlink City EVC1S22P4 / EVC1S7P4

CVEs (4)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2021-22822	Schneider Electric EVlink Smart Wallbox	—	0.00	Jan 28, 2022	A CWE-79 Improper Neutralization of Input During Web Page Generation (�Cross-site Scripting�) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are…
CVE-2021-22821	Schneider Electric EVlink Smart Wallbox	—	0.00	Jan 28, 2022	A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City…
CVE-2021-22820	Schneider Electric EVlink Smart Wallbox	—	0.01	Jan 28, 2022	A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products:…
CVE-2021-22819	Schneider Electric EVlink Smart Wallbox	—	0.00	Jan 28, 2022	A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City…

CVE-2021-22822Jan 28, 2022
Schneider Electric
EVlink Smart Wallbox
risk 0.00cvss —epss 0.00
A CWE-79 Improper Neutralization of Input During Web Page Generation (�Cross-site Scripting�) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are…
CVE-2021-22821Jan 28, 2022
Schneider Electric
EVlink Smart Wallbox
risk 0.00cvss —epss 0.00
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City…
CVE-2021-22820Jan 28, 2022
Schneider Electric
EVlink Smart Wallbox
risk 0.00cvss —epss 0.01
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products:…
CVE-2021-22819Jan 28, 2022
Schneider Electric
EVlink Smart Wallbox
risk 0.00cvss —epss 0.00
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City…