CVE-2021-22728
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
21/07/2021
Last modified:
28/07/2021
Description
A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause disclosure of encrypted credentials when consulting the maintenance report.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:* | r8_v3.4.0.1 (excluding) | |
| cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:* | r8_v3.4.0.1 (excluding) | |
| cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:* | r8_v3.4.0.1 (excluding) | |
| cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:* | r8_v3.4.0.1 (excluding) | |
| cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:evlink_parking_ev.2_firmware:*:*:*:*:*:*:*:* | r8_v3.4.0.1 (excluding) | |
| cpe:2.3:h:schneider-electric:evlink_parking_ev.2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:* | r8_v3.4.0.1 (excluding) | |
| cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page