Schneider-electric Evlink_parking_evf2_firmware

18 CVEs affecting Schneider-electric Evlink_parking_evf2_firmware. Latest disclosed: 2022-01-28. Critical: 5, High: 5.

Top CVEs affecting Schneider-electric Evlink_parking_evf2_firmware
CVESeverityScorePublishedSummary
CVE-2021-22820Critical9.82022-01-28A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the c…
CVE-2021-22730Critical9.82021-07-21A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / E…
CVE-2021-22729Critical9.82021-07-21A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2…
CVE-2021-22727Critical9.82021-07-21A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV…
CVE-2021-22707Critical9.82021-07-21A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / E…
CVE-2021-22821High8.62022-01-28A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets whe…
CVE-2021-22726High8.12021-07-21A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW…
CVE-2021-22818High7.52022-01-28A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the chargi…
CVE-2021-22774High7.52021-07-21A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (E…
CVE-2021-22708High7.22021-07-21A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlin…
CVE-2021-22773Medium6.52021-07-21A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2…
CVE-2021-22728Medium6.52021-07-21A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV…
CVE-2021-22822Medium6.12022-01-28A CWE-79 Improper Neutralization of Input During Web Page Generation (�Cross-site Scripting�) vulnerability exists that could allow an attacker to impersonate…
CVE-2021-22723Medium6.12021-07-21A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in E…
CVE-2021-22706Medium6.12021-07-21A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all ve…
CVE-2021-22722Medium5.42021-07-21A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4…
CVE-2021-22721Medium5.32021-07-21A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV…
CVE-2021-22819Medium4.32022-01-28A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user…