CVE-2021-22727 | ByteOS Network

Vulnerability Details :

CVE-2021-22727

Assigner-schneider

Assigner Org ID-076d1eb6-cfab-4401-b34d-6dfc2a413bdb

Published At-21 Jul, 2021 | 10:43

Updated At-03 Aug, 2024 | 18:51

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web server

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:schneider

Assigner Org ID:076d1eb6-cfab-4401-b34d-6dfc2a413bdb

Published At:21 Jul, 2021 | 10:43

Updated At:03 Aug, 2024 | 18:51

▼CVE Numbering Authority (CNA)

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web server

Affected Products

Vendor

Product

EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )

Versions

Affected

EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )

Problem Types

Type	CWE ID	Description
CWE	CWE-331	CWE-331: Insufficient Entropy

Type: CWE

CWE ID: CWE-331

Description: CWE-331: Insufficient Entropy

References

Hyperlink	Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06	x_refsource_MISC

Hyperlink: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06	x_refsource_MISC x_transferred

Hyperlink: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

Source:cybersecurity@se.com

Published At:21 Jul, 2021 | 15:15

Updated At:28 Jul, 2021 | 14:57

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web server

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Schneider Electric SE

>>evlink_city_evc1s22p4_firmware>>Versions before r8_v3.4.0.1(exclusive)

cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>evlink_city_evc1s22p4>>-

cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:*

Schneider Electric SE

>>evlink_city_evc1s7p4_firmware>>Versions before r8_v3.4.0.1(exclusive)

cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>evlink_city_evc1s7p4>>-

cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:*

Schneider Electric SE

>>evlink_parking_evw2_firmware>>Versions before r8_v3.4.0.1(exclusive)

cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>evlink_parking_evw2>>-

cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:*

Schneider Electric SE

>>evlink_parking_evf2_firmware>>Versions before r8_v3.4.0.1(exclusive)

cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>evlink_parking_evf2>>-

cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:*

Schneider Electric SE

>>evlink_parking_ev.2_firmware>>Versions before r8_v3.4.0.1(exclusive)

cpe:2.3:o:schneider-electric:evlink_parking_ev.2_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>evlink_parking_ev.2>>-

cpe:2.3:h:schneider-electric:evlink_parking_ev.2:-:*:*:*:*:*:*:*

Schneider Electric SE

>>evlink_smart_wallbox_evb1a_firmware>>Versions before r8_v3.4.0.1(exclusive)

cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:*

Schneider Electric SE

>>evlink_smart_wallbox_evb1a>>-

cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-331	Primary	cybersecurity@se.com

CWE ID: CWE-331

Type: Primary

Source: cybersecurity@se.com

References

Hyperlink	Source	Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06	cybersecurity@se.com	Vendor Advisory

Hyperlink: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

Source: cybersecurity@se.com

Resource:

Vendor Advisory