8.1
CVE-2021-22726
- EPSS 0.19%
- Published 21.07.2021 15:15:14
- Last modified 21.11.2024 05:50:32
- Source cybersecurity@se.com
- Teams watchlist Login
- Open Login
A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to perform unintended actions or access to data when crafted malicious parameters are submitted to the charging station web server.
Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Evlink City Evc1s22p4 Firmware Version < r8_v3.4.0.1
Schneider-electric ≫ Evlink City Evc1s7p4 Firmware Version < r8_v3.4.0.1
Schneider-electric ≫ Evlink Parking Evw2 Firmware Version < r8_v3.4.0.1
Schneider-electric ≫ Evlink Parking Evf2 Firmware Version < r8_v3.4.0.1
Schneider-electric ≫ Evlink Parking Ev.2 Firmware Version < r8_v3.4.0.1
Schneider-electric ≫ Evlink Smart Wallbox Evb1a Firmware Version < r8_v3.4.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.375 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:P/A:N
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.