Vulnerability Details CVE-2021-22820
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2021-22820
-
cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-
-
cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-
-
cpe:2.3:h:schneider-electric:evlink_parking_evf2:-
-
cpe:2.3:h:schneider-electric:evlink_parking_evp2pe:-
-
cpe:2.3:h:schneider-electric:evlink_parking_evw2:-
-
cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-
-
cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:-
-
cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:-
-
cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:-
-
cpe:2.3:o:schneider-electric:evlink_parking_evp2pe_firmware:*
-
cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:-
-
cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:-