cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-22822,https://securityvulnerability.io/vulnerability/CVE-2021-22822,Improper Neutralization of Input in Schneider Electric Charging Stations,"A vulnerability exists in Schneider Electric's EVlink charging stations that allows for improper neutralization of input during web page generation. This can enable attackers to craft malicious parameters and impersonate the managing user or execute actions on their behalf, potentially compromising the security and operation of the charging stations. All versions prior to R8 V3.4.0.2 of various EVlink models are affected, highlighting the importance for users to update their systems immediately.",Schneider Electric,Evlink City Evc1s22p4 Firmware,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-01-28T19:09:38.000Z,0
CVE-2021-22821,https://securityvulnerability.io/vulnerability/CVE-2021-22821,Server-Side Request Forgery Vulnerability in Schneider Electric EVlink Products,"A server-side request forgery (SSRF) vulnerability in Schneider Electric's EVlink products can lead to unauthorized network access. This flaw allows attackers to manipulate requests sent from the charging station web server, enabling them to target unintended network locations by exploiting crafted malicious parameters. Affected models include various versions of EVlink City, Parking, and Smart Wallbox products, all prior to software version R8 V3.4.0.2. Organizations using these products should take immediate action to apply the recommended updates to safeguard their network.",Schneider Electric,Evlink City Evc1s22p4 Firmware,8.6,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-01-28T19:09:37.000Z,0
CVE-2021-22820,https://securityvulnerability.io/vulnerability/CVE-2021-22820,Insufficient Session Expiration in EVlink Charging Stations by Schneider Electric,"This vulnerability allows an attacker to retain access to a compromised session on EVlink Charging Stations' web servers, even if the legitimate user has changed their password. If the session is not promptly terminated or expired, unauthorized users may exploit this flaw to gain continued access and control over the user's account. This poses significant risks to user security, as attackers could manipulate connected charging stations or alter configurations without the user’s consent.",Schneider Electric,Evlink City Evc1s22p4 Firmware,9.8,CRITICAL,0.002899999963119626,false,,false,false,false,,,false,false,,2022-01-28T19:09:36.000Z,0
CVE-2021-22818,https://securityvulnerability.io/vulnerability/CVE-2021-22818,Improper Authentication Attack Vulnerability in Schneider Electric EVlink Charging Stations,"A vulnerability exists in Schneider Electric's EVlink charging stations where improper restrictions on authentication attempts may enable unauthorized users to gain access to the web interface. This security flaw can be exploited through brute force attacks, potentially compromising the integrity of the device. Affected products include various models of EVlink City, Parking, and Smart Wallbox that are prior to the software version R8 V3.4.0.2. Users are encouraged to apply necessary security updates to mitigate this risk.",Schneider Electric,Evlink City Evc1s22p4 Firmware,7.5,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2022-01-28T19:09:35.000Z,0
CVE-2021-22819,https://securityvulnerability.io/vulnerability/CVE-2021-22819,Improper UI Layer Restriction in Schneider Electric EVlink Products,"An improper restriction of rendered UI layers or frames vulnerability exists within Schneider Electric's EVlink products. This flaw can be exploited to manipulate product settings or user accounts by deceiving users into interacting with a web interface that is presented within iframes. This could lead to significant security risks, enabling attackers to make unauthorized changes without the user's knowledge. Users are advised to ensure they update to versions R8 V3.4.0.2 or later to mitigate this risk.",Schneider Electric,Evlink City Evc1s22p4 Firmware,4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-01-28T19:09:35.000Z,0
CVE-2021-22725,https://securityvulnerability.io/vulnerability/CVE-2021-22725,Cross-Site Request Forgery Vulnerability in Schneider Electric Charging Stations,"A Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to execute unauthorized actions on behalf of a user by exploiting crafted malicious parameters submitted in POST requests to the Schneider Electric charging station web server. This flaw affects multiple models, including EVlink City, EVlink Parking, and Smart Wallbox devices, which may put user accounts at risk if proper authentication measures are not implemented. To mitigate this issue, it is crucial for users to upgrade their systems to the recommended version R8 V3.4.0.2 or later.",Schneider Electric,Evc1s22p4 Firmware,8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-01-28T19:09:34.000Z,0
CVE-2021-22724,https://securityvulnerability.io/vulnerability/CVE-2021-22724,Cross-Site Request Forgery in EVlink Charging Stations by Schneider Electric,"A Cross-Site Request Forgery vulnerability in Schneider Electric's EVlink products allows attackers to impersonate users and execute unauthorized actions. This occurs when attackers submit crafted malicious parameters in POST requests to the charging station's web server. The issue affects various models, including the EVlink City and Parking series, as well as the Smart Wallbox, specifically in all versions prior to R8 V3.4.0.2, posing significant security risks.",Schneider Electric,Evc1s22p4 Firmware,8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-01-28T19:09:33.000Z,0