cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-22822,https://securityvulnerability.io/vulnerability/CVE-2021-22822,Improper Neutralization of Input in Schneider Electric Charging Stations,"A vulnerability exists in Schneider Electric's EVlink charging stations that allows for improper neutralization of input during web page generation. This can enable attackers to craft malicious parameters and impersonate the managing user or execute actions on their behalf, potentially compromising the security and operation of the charging stations. All versions prior to R8 V3.4.0.2 of various EVlink models are affected, highlighting the importance for users to update their systems immediately.",Schneider Electric,Evlink City Evc1s22p4 Firmware,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-01-28T19:09:38.000Z,0
CVE-2021-22821,https://securityvulnerability.io/vulnerability/CVE-2021-22821,Server-Side Request Forgery Vulnerability in Schneider Electric EVlink Products,"A server-side request forgery (SSRF) vulnerability in Schneider Electric's EVlink products can lead to unauthorized network access. This flaw allows attackers to manipulate requests sent from the charging station web server, enabling them to target unintended network locations by exploiting crafted malicious parameters. Affected models include various versions of EVlink City, Parking, and Smart Wallbox products, all prior to software version R8 V3.4.0.2. Organizations using these products should take immediate action to apply the recommended updates to safeguard their network.",Schneider Electric,Evlink City Evc1s22p4 Firmware,8.6,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-01-28T19:09:37.000Z,0
CVE-2021-22820,https://securityvulnerability.io/vulnerability/CVE-2021-22820,Insufficient Session Expiration in EVlink Charging Stations by Schneider Electric,"This vulnerability allows an attacker to retain access to a compromised session on EVlink Charging Stations' web servers, even if the legitimate user has changed their password. If the session is not promptly terminated or expired, unauthorized users may exploit this flaw to gain continued access and control over the user's account. This poses significant risks to user security, as attackers could manipulate connected charging stations or alter configurations without the user’s consent.",Schneider Electric,Evlink City Evc1s22p4 Firmware,9.8,CRITICAL,0.002899999963119626,false,,false,false,false,,,false,false,,2022-01-28T19:09:36.000Z,0
CVE-2021-22818,https://securityvulnerability.io/vulnerability/CVE-2021-22818,Improper Authentication Attack Vulnerability in Schneider Electric EVlink Charging Stations,"A vulnerability exists in Schneider Electric's EVlink charging stations where improper restrictions on authentication attempts may enable unauthorized users to gain access to the web interface. This security flaw can be exploited through brute force attacks, potentially compromising the integrity of the device. Affected products include various models of EVlink City, Parking, and Smart Wallbox that are prior to the software version R8 V3.4.0.2. Users are encouraged to apply necessary security updates to mitigate this risk.",Schneider Electric,Evlink City Evc1s22p4 Firmware,7.5,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2022-01-28T19:09:35.000Z,0
CVE-2021-22819,https://securityvulnerability.io/vulnerability/CVE-2021-22819,Improper UI Layer Restriction in Schneider Electric EVlink Products,"An improper restriction of rendered UI layers or frames vulnerability exists within Schneider Electric's EVlink products. This flaw can be exploited to manipulate product settings or user accounts by deceiving users into interacting with a web interface that is presented within iframes. This could lead to significant security risks, enabling attackers to make unauthorized changes without the user's knowledge. Users are advised to ensure they update to versions R8 V3.4.0.2 or later to mitigate this risk.",Schneider Electric,Evlink City Evc1s22p4 Firmware,4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-01-28T19:09:35.000Z,0