CVE-2021-22722
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
21/07/2021
Last modified:
27/07/2021
Description
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause code injection when importing a CSV file or changing station parameters.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:* | r8_v3.4.0.1 (excluding) | |
| cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:* | r8_v3.4.0.1 (excluding) | |
| cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:* | r8_v3.4.0.1 (excluding) | |
| cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:* | r8_v3.4.0.1 (excluding) | |
| cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:evlink_parking_ev.2_firmware:*:*:*:*:*:*:*:* | r8_v3.4.0.1 (excluding) | |
| cpe:2.3:h:schneider-electric:evlink_parking_ev.2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:* | r8_v3.4.0.1 (excluding) | |
| cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page