fkie_nvd - fkie_cve-2021-22727

fkie_cve-2021-22727

Vulnerability from fkie_nvd

Published

2021-07-21 15:15

Modified

2024-11-21 05:50

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web server

References

▶	URL	Tags
	cybersecurity@se.com	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	evlink_city_evc1s22p4_firmware	*
schneider-electric	evlink_city_evc1s22p4	-
schneider-electric	evlink_city_evc1s7p4_firmware	*
schneider-electric	evlink_city_evc1s7p4	-
schneider-electric	evlink_parking_evw2_firmware	*
schneider-electric	evlink_parking_evw2	-
schneider-electric	evlink_parking_evf2_firmware	*
schneider-electric	evlink_parking_evf2	-
schneider-electric	evlink_parking_ev.2_firmware	*
schneider-electric	evlink_parking_ev.2	-
schneider-electric	evlink_smart_wallbox_evb1a_firmware	*
schneider-electric	evlink_smart_wallbox_evb1a	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E02076-32CB-4729-B7D1-ACD0A5344A67",
              "versionEndExcluding": "r8_v3.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA9F3DA4-C027-4210-8A2B-87121373CE60",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "243AD74C-064A-49E4-9233-296C090AF0FB",
              "versionEndExcluding": "r8_v3.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C224B6C5-BCA4-400A-A50E-017843825356",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6C21FB-1F08-4E28-81A8-489B7A64D1AA",
              "versionEndExcluding": "r8_v3.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F33653-E41D-499A-BD44-0D294C003D7B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB862A8-30DC-4CCF-B88D-853CCC045080",
              "versionEndExcluding": "r8_v3.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B266B002-6C10-4E0B-B14C-9C0A55070CD8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:evlink_parking_ev.2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91F956D0-DFA0-4E31-88F8-DCB304CDF794",
              "versionEndExcluding": "r8_v3.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:evlink_parking_ev.2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84800086-3C16-4C24-B64C-C9959089F903",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B910950C-FF66-47D6-B951-A0EC8556E2F5",
              "versionEndExcluding": "r8_v3.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5D698C-6161-4F6D-94CE-01A0ECA95C47",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web server"
    },
    {
      "lang": "es",
      "value": "A CWE-331: Se presenta una vulnerabilidad de Entrop\u00eda Insuficiente en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versiones anteriores a R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 todas las versiones anteriores a R8 V3.4.0.1), y EVlink Smart Wallbox (EVB1A todas las versiones anteriores a R8 V3.4.0.1) que podr\u00eda permitir a un atacante conseguir acceso no autorizado al servidor web de la estaci\u00f3n de carga"
    }
  ],
  "id": "CVE-2021-22727",
  "lastModified": "2024-11-21T05:50:32.533",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-21T15:15:14.617",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-331"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

CVE-2021-22727 (GCVE-0-2021-22727)

Vulnerability from cvelistv5

Published

2021-07-21 10:43

Modified

2024-08-03 18:51

Severity ?

CWE

CWE-331 - Insufficient Entropy

Summary

References

►

URL

Tags

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

x_refsource_MISC