cvelistv5 - CVE-2021-22723

CVE-2021-22723 (GCVE-0-2021-22723)

Vulnerability from cvelistv5 – Published: 2021-07-21 10:43 – Updated: 2024-08-03 18:51

Summary

A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server.

Severity ?

No CVSS data available.

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

schneider

References

URL

Tags

http://download.schneider-electric.com/files?p_Do…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )	Affected: EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.018Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-21T10:43:10",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22723",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06",
              "refsource": "MISC",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2021-22723",
    "datePublished": "2021-07-21T10:43:10",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:51:07.018Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"r8_v3.4.0.1\", \"matchCriteriaId\": \"28E02076-32CB-4729-B7D1-ACD0A5344A67\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA9F3DA4-C027-4210-8A2B-87121373CE60\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"r8_v3.4.0.1\", \"matchCriteriaId\": \"243AD74C-064A-49E4-9233-296C090AF0FB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C224B6C5-BCA4-400A-A50E-017843825356\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"r8_v3.4.0.1\", \"matchCriteriaId\": \"3B6C21FB-1F08-4E28-81A8-489B7A64D1AA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58F33653-E41D-499A-BD44-0D294C003D7B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"r8_v3.4.0.1\", \"matchCriteriaId\": \"8EB862A8-30DC-4CCF-B88D-853CCC045080\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B266B002-6C10-4E0B-B14C-9C0A55070CD8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:evlink_parking_ev.2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"r8_v3.4.0.1\", \"matchCriteriaId\": \"91F956D0-DFA0-4E31-88F8-DCB304CDF794\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:evlink_parking_ev.2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84800086-3C16-4C24-B64C-C9959089F903\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"r8_v3.4.0.1\", \"matchCriteriaId\": \"B910950C-FF66-47D6-B951-A0EC8556E2F5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC5D698C-6161-4F6D-94CE-01A0ECA95C47\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server.\"}, {\"lang\": \"es\", \"value\": \"A CWE-79: Se presenta una vulnerabilidad de Neutralizaci\\u00f3n Inapropiada de la Entrada Durante la Generaci\\u00f3n de la P\\u00e1gina Web (Cross-siteScripting) mediante un ataque de tipo Cross-Site Request Forgery (CSRF) en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versiones anteriores a R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 todas las versiones anteriores a R8 V3.4.0.1), y EVlink Smart Wallbox (EVB1A todas las versiones anteriores a R8 V3.4.0.1 ) que podr\\u00eda permitir a un atacante hacerse pasar por el usuario que administra la estaci\\u00f3n de carga o realizar acciones en su nombre cuando son enviados par\\u00e1metros maliciosos dise\\u00f1ados al servidor web de la estaci\\u00f3n de carga\"}]",
      "id": "CVE-2021-22723",
      "lastModified": "2024-11-21T05:50:32.027",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-07-21T15:15:14.480",
      "references": "[{\"url\": \"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cybersecurity@se.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-22723\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2021-07-21T15:15:14.480\",\"lastModified\":\"2024-11-21T05:50:32.027\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server.\"},{\"lang\":\"es\",\"value\":\"A CWE-79: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de la Entrada Durante la Generaci\u00f3n de la P\u00e1gina Web (Cross-siteScripting) mediante un ataque de tipo Cross-Site Request Forgery (CSRF) en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versiones anteriores a R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 todas las versiones anteriores a R8 V3.4.0.1), y EVlink Smart Wallbox (EVB1A todas las versiones anteriores a R8 V3.4.0.1 ) que podr\u00eda permitir a un atacante hacerse pasar por el usuario que administra la estaci\u00f3n de carga o realizar acciones en su nombre cuando son enviados par\u00e1metros maliciosos dise\u00f1ados al servidor web de la estaci\u00f3n de carga\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"r8_v3.4.0.1\",\"matchCriteriaId\":\"28E02076-32CB-4729-B7D1-ACD0A5344A67\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA9F3DA4-C027-4210-8A2B-87121373CE60\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"r8_v3.4.0.1\",\"matchCriteriaId\":\"243AD74C-064A-49E4-9233-296C090AF0FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C224B6C5-BCA4-400A-A50E-017843825356\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"r8_v3.4.0.1\",\"matchCriteriaId\":\"3B6C21FB-1F08-4E28-81A8-489B7A64D1AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F33653-E41D-499A-BD44-0D294C003D7B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"r8_v3.4.0.1\",\"matchCriteriaId\":\"8EB862A8-30DC-4CCF-B88D-853CCC045080\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B266B002-6C10-4E0B-B14C-9C0A55070CD8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:evlink_parking_ev.2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"r8_v3.4.0.1\",\"matchCriteriaId\":\"91F956D0-DFA0-4E31-88F8-DCB304CDF794\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:evlink_parking_ev.2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84800086-3C16-4C24-B64C-C9959089F903\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"r8_v3.4.0.1\",\"matchCriteriaId\":\"B910950C-FF66-47D6-B951-A0EC8556E2F5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC5D698C-6161-4F6D-94CE-01A0ECA95C47\"}]}]}],\"references\":[{\"url\":\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2021-AVI-517

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un dénis de service, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EcoStruxure Control Expert toutes versions (versions Unity Pro inclus) antérieures 15.0 SP1
EcoStruxure Control Expert version antérieures à V15.0 SP1 sans le dernier correctif
EcoStruxure Process Expert toutes versions (versions EcoStruxure Hybrid DCS inclus)
SCADAPack RemoteConnect for x70 toutes versions
Modicon M580 CPU (part numbers BMEP* et BMEH*) toutes versions
Modicon M340 CPU (part numbers BMXP34*) toutes versions
SoSafe Configurable versions antérieures à 1.8.1
C-Bus Toolkit versions antérieures à 1.15.9
Easergy T300 avec un microgiciel (firmware) en versions antérieures à 2.8
Easergy T200 (Modbus) versions antérieures à SC2-04MOD-07000103
Easergy T200 (IEC104) versions antérieures à SC2-04IEC-07000103
Easergy T200 (DNP3) versions antérieures à SC2-04DNP-07000103
EVlink CityEVC1S22P4 / EVC1S7P4 versions antérieures à R8 V3.4.0.1
EVlink ParkingEVW2 / EVF2 / EV.2 versions antérieures à R8 V3.4.0.1
EVlink Smart WallboxEVB1A versions antérieures à R8 V3.4.0.1

Note : Actuellement, aucun correctif n'est proposé pour les vulnérabilités dans les produits EcoStruxure Process Expert, Modicon M580, Modicon M340 et SCADAPack. Cependant des mesures de contournement sont proposées par l'éditeur pour les produits Modicon M580 et M340 afin de réduire le risque et l'impact d'exploitation de la CVE-2021-22779.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2021-194-04 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-03 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-02 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-05 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-06 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-01 du 13 juillet 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eEcoStruxure Control Expert toutes versions (versions Unity Pro inclus) ant\u00e9rieures 15.0 SP1\u003c/li\u003e \u003cli\u003eEcoStruxure Control Expert version ant\u00e9rieures \u00e0 V15.0 SP1 sans le dernier correctif\u003c/li\u003e \u003cli\u003eEcoStruxure Process Expert toutes versions (versions EcoStruxure Hybrid DCS inclus)\u003c/li\u003e \u003cli\u003eSCADAPack RemoteConnect for x70 toutes versions\u003c/li\u003e \u003cli\u003eModicon M580 CPU (part numbers BMEP* et BMEH*) toutes versions\u003c/li\u003e \u003cli\u003eModicon M340 CPU (part numbers BMXP34*) toutes versions\u003c/li\u003e \u003cli\u003eSoSafe Configurable versions ant\u00e9rieures \u00e0 1.8.1\u003c/li\u003e \u003cli\u003eC-Bus Toolkit versions ant\u00e9rieures \u00e0 1.15.9\u003c/li\u003e \u003cli\u003eEasergy T300 avec un microgiciel (firmware) en versions ant\u00e9rieures \u00e0 2.8\u003c/li\u003e \u003cli\u003eEasergy T200 (Modbus) versions ant\u00e9rieures \u00e0 SC2-04MOD-07000103\u003c/li\u003e \u003cli\u003eEasergy T200 (IEC104) versions ant\u00e9rieures \u00e0 SC2-04IEC-07000103\u003c/li\u003e \u003cli\u003eEasergy T200 (DNP3) versions ant\u00e9rieures \u00e0 SC2-04DNP-07000103\u003c/li\u003e \u003cli\u003eEVlink CityEVC1S22P4 / EVC1S7P4 versions ant\u00e9rieures \u00e0 R8 V3.4.0.1\u003c/li\u003e \u003cli\u003eEVlink ParkingEVW2 / EVF2 / EV.2 versions ant\u00e9rieures \u00e0 R8 V3.4.0.1\u003c/li\u003e \u003cli\u003eEVlink Smart WallboxEVB1A versions ant\u00e9rieures \u00e0 R8 V3.4.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e\u003cem\u003eNote : Actuellement, aucun correctif n\u0027est propos\u00e9 pour les vuln\u00e9rabilit\u00e9s dans les produits EcoStruxure Process Expert, Modicon M580, Modicon M340 et SCADAPack. Cependant des mesures de contournement sont propos\u00e9es par l\u0027\u00e9diteur pour les produits Modicon M580 et M340 afin de r\u00e9duire le risque et l\u0027impact d\u0027exploitation de la CVE-2021-22779.\u003c/em\u003e\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22771"
    },
    {
      "name": "CVE-2021-22721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22721"
    },
    {
      "name": "CVE-2021-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
    },
    {
      "name": "CVE-2021-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
    },
    {
      "name": "CVE-2021-22777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22777"
    },
    {
      "name": "CVE-2021-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
    },
    {
      "name": "CVE-2021-22729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22729"
    },
    {
      "name": "CVE-2021-22708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22708"
    },
    {
      "name": "CVE-2021-22727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22727"
    },
    {
      "name": "CVE-2021-22774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22774"
    },
    {
      "name": "CVE-2021-22773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22773"
    },
    {
      "name": "CVE-2021-22706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22706"
    },
    {
      "name": "CVE-2021-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
    },
    {
      "name": "CVE-2021-22778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
    },
    {
      "name": "CVE-2021-22728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22728"
    },
    {
      "name": "CVE-2021-22730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22730"
    },
    {
      "name": "CVE-2021-22770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22770"
    },
    {
      "name": "CVE-2021-22784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22784"
    },
    {
      "name": "CVE-2021-22769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22769"
    },
    {
      "name": "CVE-2021-22723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22723"
    },
    {
      "name": "CVE-2021-22726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22726"
    },
    {
      "name": "CVE-2021-22722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22722"
    },
    {
      "name": "CVE-2020-12525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
    },
    {
      "name": "CVE-2021-22772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22772"
    },
    {
      "name": "CVE-2021-22707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22707"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-517",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9nis de service, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-04 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-03 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-02 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-05 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-06 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2021-194-06_EVlink_City_Parking_SmartWallbox_Charging_Stations_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2021-194-06"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-01 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340.pdf\u0026p_Doc_Ref=SEVD-2021-194-01"
    }
  ]
}

CERTFR-2021-AVI-517

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EcoStruxure Control Expert toutes versions (versions Unity Pro inclus) antérieures 15.0 SP1
EcoStruxure Control Expert version antérieures à V15.0 SP1 sans le dernier correctif
EcoStruxure Process Expert toutes versions (versions EcoStruxure Hybrid DCS inclus)
SCADAPack RemoteConnect for x70 toutes versions
Modicon M580 CPU (part numbers BMEP* et BMEH*) toutes versions
Modicon M340 CPU (part numbers BMXP34*) toutes versions
SoSafe Configurable versions antérieures à 1.8.1
C-Bus Toolkit versions antérieures à 1.15.9
Easergy T300 avec un microgiciel (firmware) en versions antérieures à 2.8
Easergy T200 (Modbus) versions antérieures à SC2-04MOD-07000103
Easergy T200 (IEC104) versions antérieures à SC2-04IEC-07000103
Easergy T200 (DNP3) versions antérieures à SC2-04DNP-07000103
EVlink CityEVC1S22P4 / EVC1S7P4 versions antérieures à R8 V3.4.0.1
EVlink ParkingEVW2 / EVF2 / EV.2 versions antérieures à R8 V3.4.0.1
EVlink Smart WallboxEVB1A versions antérieures à R8 V3.4.0.1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2021-194-04 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-03 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-02 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-05 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-06 du 13 juillet 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-194-01 du 13 juillet 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eEcoStruxure Control Expert toutes versions (versions Unity Pro inclus) ant\u00e9rieures 15.0 SP1\u003c/li\u003e \u003cli\u003eEcoStruxure Control Expert version ant\u00e9rieures \u00e0 V15.0 SP1 sans le dernier correctif\u003c/li\u003e \u003cli\u003eEcoStruxure Process Expert toutes versions (versions EcoStruxure Hybrid DCS inclus)\u003c/li\u003e \u003cli\u003eSCADAPack RemoteConnect for x70 toutes versions\u003c/li\u003e \u003cli\u003eModicon M580 CPU (part numbers BMEP* et BMEH*) toutes versions\u003c/li\u003e \u003cli\u003eModicon M340 CPU (part numbers BMXP34*) toutes versions\u003c/li\u003e \u003cli\u003eSoSafe Configurable versions ant\u00e9rieures \u00e0 1.8.1\u003c/li\u003e \u003cli\u003eC-Bus Toolkit versions ant\u00e9rieures \u00e0 1.15.9\u003c/li\u003e \u003cli\u003eEasergy T300 avec un microgiciel (firmware) en versions ant\u00e9rieures \u00e0 2.8\u003c/li\u003e \u003cli\u003eEasergy T200 (Modbus) versions ant\u00e9rieures \u00e0 SC2-04MOD-07000103\u003c/li\u003e \u003cli\u003eEasergy T200 (IEC104) versions ant\u00e9rieures \u00e0 SC2-04IEC-07000103\u003c/li\u003e \u003cli\u003eEasergy T200 (DNP3) versions ant\u00e9rieures \u00e0 SC2-04DNP-07000103\u003c/li\u003e \u003cli\u003eEVlink CityEVC1S22P4 / EVC1S7P4 versions ant\u00e9rieures \u00e0 R8 V3.4.0.1\u003c/li\u003e \u003cli\u003eEVlink ParkingEVW2 / EVF2 / EV.2 versions ant\u00e9rieures \u00e0 R8 V3.4.0.1\u003c/li\u003e \u003cli\u003eEVlink Smart WallboxEVB1A versions ant\u00e9rieures \u00e0 R8 V3.4.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e\u003cem\u003eNote : Actuellement, aucun correctif n\u0027est propos\u00e9 pour les vuln\u00e9rabilit\u00e9s dans les produits EcoStruxure Process Expert, Modicon M580, Modicon M340 et SCADAPack. Cependant des mesures de contournement sont propos\u00e9es par l\u0027\u00e9diteur pour les produits Modicon M580 et M340 afin de r\u00e9duire le risque et l\u0027impact d\u0027exploitation de la CVE-2021-22779.\u003c/em\u003e\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22771"
    },
    {
      "name": "CVE-2021-22721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22721"
    },
    {
      "name": "CVE-2021-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
    },
    {
      "name": "CVE-2021-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
    },
    {
      "name": "CVE-2021-22777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22777"
    },
    {
      "name": "CVE-2021-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
    },
    {
      "name": "CVE-2021-22729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22729"
    },
    {
      "name": "CVE-2021-22708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22708"
    },
    {
      "name": "CVE-2021-22727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22727"
    },
    {
      "name": "CVE-2021-22774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22774"
    },
    {
      "name": "CVE-2021-22773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22773"
    },
    {
      "name": "CVE-2021-22706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22706"
    },
    {
      "name": "CVE-2021-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
    },
    {
      "name": "CVE-2021-22778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
    },
    {
      "name": "CVE-2021-22728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22728"
    },
    {
      "name": "CVE-2021-22730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22730"
    },
    {
      "name": "CVE-2021-22770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22770"
    },
    {
      "name": "CVE-2021-22784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22784"
    },
    {
      "name": "CVE-2021-22769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22769"
    },
    {
      "name": "CVE-2021-22723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22723"
    },
    {
      "name": "CVE-2021-22726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22726"
    },
    {
      "name": "CVE-2021-22722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22722"
    },
    {
      "name": "CVE-2020-12525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
    },
    {
      "name": "CVE-2021-22772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22772"
    },
    {
      "name": "CVE-2021-22707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22707"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-517",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9nis de service, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-04 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-03 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-02 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-05 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-06 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2021-194-06_EVlink_City_Parking_SmartWallbox_Charging_Stations_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2021-194-06"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-01 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340.pdf\u0026p_Doc_Ref=SEVD-2021-194-01"
    }
  ]
}

GHSA-2QQJ-33Q9-MW4M

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-22723"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-21T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server.",
  "id": "GHSA-2qqj-33q9-mw4m",
  "modified": "2022-05-24T19:08:48Z",
  "published": "2022-05-24T19:08:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22723"
    },
    {
      "type": "WEB",
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2021-22723

Vulnerability from fkie_nvd - Published: 2021-07-21 15:15 - Updated: 2024-11-21 05:50

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	cybersecurity@se.com	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	evlink_city_evc1s22p4_firmware	*
schneider-electric	evlink_city_evc1s22p4	-
schneider-electric	evlink_city_evc1s7p4_firmware	*
schneider-electric	evlink_city_evc1s7p4	-
schneider-electric	evlink_parking_evw2_firmware	*
schneider-electric	evlink_parking_evw2	-
schneider-electric	evlink_parking_evf2_firmware	*
schneider-electric	evlink_parking_evf2	-
schneider-electric	evlink_parking_ev.2_firmware	*
schneider-electric	evlink_parking_ev.2	-
schneider-electric	evlink_smart_wallbox_evb1a_firmware	*
schneider-electric	evlink_smart_wallbox_evb1a	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E02076-32CB-4729-B7D1-ACD0A5344A67",
              "versionEndExcluding": "r8_v3.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA9F3DA4-C027-4210-8A2B-87121373CE60",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "243AD74C-064A-49E4-9233-296C090AF0FB",
              "versionEndExcluding": "r8_v3.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C224B6C5-BCA4-400A-A50E-017843825356",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6C21FB-1F08-4E28-81A8-489B7A64D1AA",
              "versionEndExcluding": "r8_v3.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F33653-E41D-499A-BD44-0D294C003D7B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB862A8-30DC-4CCF-B88D-853CCC045080",
              "versionEndExcluding": "r8_v3.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B266B002-6C10-4E0B-B14C-9C0A55070CD8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:evlink_parking_ev.2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91F956D0-DFA0-4E31-88F8-DCB304CDF794",
              "versionEndExcluding": "r8_v3.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:evlink_parking_ev.2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84800086-3C16-4C24-B64C-C9959089F903",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B910950C-FF66-47D6-B951-A0EC8556E2F5",
              "versionEndExcluding": "r8_v3.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5D698C-6161-4F6D-94CE-01A0ECA95C47",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server."
    },
    {
      "lang": "es",
      "value": "A CWE-79: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de la Entrada Durante la Generaci\u00f3n de la P\u00e1gina Web (Cross-siteScripting) mediante un ataque de tipo Cross-Site Request Forgery (CSRF) en EVlink City (EVC1S22P4 / EVC1S7P4 todas las versiones anteriores a R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 todas las versiones anteriores a R8 V3.4.0.1), y EVlink Smart Wallbox (EVB1A todas las versiones anteriores a R8 V3.4.0.1 ) que podr\u00eda permitir a un atacante hacerse pasar por el usuario que administra la estaci\u00f3n de carga o realizar acciones en su nombre cuando son enviados par\u00e1metros maliciosos dise\u00f1ados al servidor web de la estaci\u00f3n de carga"
    }
  ],
  "id": "CVE-2021-22723",
  "lastModified": "2024-11-21T05:50:32.027",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-21T15:15:14.480",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

GSD-2021-22723

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-22723

Aliases

CVE-2021-22723

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-22723",
    "description": "A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server.",
    "id": "GSD-2021-22723"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-22723"
      ],
      "details": "A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server.",
      "id": "GSD-2021-22723",
      "modified": "2023-12-13T01:23:24.604459Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2021-22723",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06",
            "refsource": "MISC",
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:evlink_city_evc1s22p4_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r8_v3.4.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:evlink_city_evc1s22p4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:evlink_city_evc1s7p4_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r8_v3.4.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:evlink_city_evc1s7p4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:evlink_parking_evw2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r8_v3.4.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:evlink_parking_evw2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:evlink_parking_evf2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r8_v3.4.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:evlink_parking_evf2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:evlink_parking_ev.2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r8_v3.4.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:evlink_parking_ev.2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:evlink_smart_wallbox_evb1a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r8_v3.4.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:evlink_smart_wallbox_evb1a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22723"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2021-07-28T14:46Z",
      "publishedDate": "2021-07-21T15:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22723 (GCVE-0-2021-22723)

CERTFR-2021-AVI-517

Solution

CERTFR-2021-AVI-517

Solution

GHSA-2QQJ-33Q9-MW4M

FKIE_CVE-2021-22723

GSD-2021-22723

Tags

Sightings

Nomenclature