Schneider-electric Evlink_parking_evf2
18 CVEs affecting Schneider-electric Evlink_parking_evf2. Latest disclosed: 2022-01-28. Critical: 5, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-22820 | Critical | 9.8 | 2022-01-28 | A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the c… |
CVE-2021-22730 | Critical | 9.8 | 2021-07-21 | A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / E… |
CVE-2021-22729 | Critical | 9.8 | 2021-07-21 | A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2… |
CVE-2021-22727 | Critical | 9.8 | 2021-07-21 | A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV… |
CVE-2021-22707 | Critical | 9.8 | 2021-07-21 | A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / E… |
CVE-2021-22821 | High | 8.6 | 2022-01-28 | A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets whe… |
CVE-2021-22726 | High | 8.1 | 2021-07-21 | A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW… |
CVE-2021-22818 | High | 7.5 | 2022-01-28 | A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the chargi… |
CVE-2021-22774 | High | 7.5 | 2021-07-21 | A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (E… |
CVE-2021-22708 | High | 7.2 | 2021-07-21 | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlin… |
CVE-2021-22773 | Medium | 6.5 | 2021-07-21 | A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2… |
CVE-2021-22728 | Medium | 6.5 | 2021-07-21 | A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV… |
CVE-2021-22822 | Medium | 6.1 | 2022-01-28 | A CWE-79 Improper Neutralization of Input During Web Page Generation (�Cross-site Scripting�) vulnerability exists that could allow an attacker to impersonate… |
CVE-2021-22723 | Medium | 6.1 | 2021-07-21 | A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in E… |
CVE-2021-22706 | Medium | 6.1 | 2021-07-21 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all ve… |
CVE-2021-22722 | Medium | 5.4 | 2021-07-21 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4… |
CVE-2021-22721 | Medium | 5.3 | 2021-07-21 | A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV… |
CVE-2021-22819 | Medium | 4.3 | 2022-01-28 | A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user… |