Schneider-electric Evlink_parking_ev.2_firmware
13 CVEs affecting Schneider-electric Evlink_parking_ev.2_firmware. Latest disclosed: 2021-07-21. Critical: 4, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-22730 | Critical | 9.8 | 2021-07-21 | A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / E… |
CVE-2021-22729 | Critical | 9.8 | 2021-07-21 | A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2… |
CVE-2021-22727 | Critical | 9.8 | 2021-07-21 | A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV… |
CVE-2021-22707 | Critical | 9.8 | 2021-07-21 | A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / E… |
CVE-2021-22726 | High | 8.1 | 2021-07-21 | A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW… |
CVE-2021-22774 | High | 7.5 | 2021-07-21 | A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (E… |
CVE-2021-22708 | High | 7.2 | 2021-07-21 | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlin… |
CVE-2021-22773 | Medium | 6.5 | 2021-07-21 | A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2… |
CVE-2021-22728 | Medium | 6.5 | 2021-07-21 | A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV… |
CVE-2021-22723 | Medium | 6.1 | 2021-07-21 | A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in E… |
CVE-2021-22706 | Medium | 6.1 | 2021-07-21 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all ve… |
CVE-2021-22722 | Medium | 5.4 | 2021-07-21 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4… |
CVE-2021-22721 | Medium | 5.3 | 2021-07-21 | A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV… |