CVE-2021-22707
In short
These EV charging station devices contain hardcoded credentials in their software, allowing anyone who discovers them to gain admin access to the device's web interface and control the charging stations without permission.
Technical detail
A CWE-798 hardcoded credentials vulnerability affects EVlink City, Parking, and Smart Wallbox devices (all versions before R8 V3.4.0.1). An attacker with network access to the web server can authenticate using embedded administrative credentials to execute unauthorized administrative commands and potentially disrupt charging operations or extract sensitive data.
Summary generated and translated by AI from the official description.
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.