
CVE-2021-22820 : What You Need to Know

Learn about CVE-2021-22820, a CWE-614 Insufficient Session Expiration vulnerability in Schneider Electric's EVlink City, EVlink Parking, and EVlink Smart Wallbox products, allowing unauthorized access to the charger station web server.

A CWE-614 Insufficient Session Expiration vulnerability exists in the charger station web server, allowing an attacker to maintain unauthorized access even after the user changes their password. This vulnerability affects Schneider Electric's EVlink City, EVlink Parking, and EVlink Smart Wallbox products.

Understanding CVE-2021-22820

This CVE-2021-22820 vulnerability poses a risk of persistent unauthorized access to the charger station web server due to insufficient session expiration mechanisms.

What is CVE-2021-22820?

CVE-2021-22820 is a security vulnerability related to insufficient session expiration, enabling attackers to retain unauthorized access to the EVlink City, EVlink Parking, and EVlink Smart Wallbox products.

The Impact of CVE-2021-22820

The impact of this vulnerability is significant as it allows attackers to maintain access to the charger station web server even after legitimate users change their account passwords.

Technical Details of CVE-2021-22820

This section provides more insights into the vulnerability, affected systems, and exploitation mechanism.

Vulnerability Description

The CWE-614 weakness means sessions on the charger station web server do not expire when they should: a session established before a password change remains valid afterwards, so an attacker who holds one can keep accessing the web server persistently.

Affected Systems and Versions

Schneider Electric's affected products include EVlink City EVC1S22P4 / EVC1S7P4, EVlink Parking EVW2 / EVF2 / EVP2PE, and EVlink Smart Wallbox EVB1A, all versions before R8 V3.4.0.2.

Exploitation Mechanism

An attacker who has hijacked a session to the charger station web server can keep using it to maintain unauthorized access, because changing the account password does not expire existing sessions.

Mitigation and Prevention

To safeguard against CVE-2021-22820, follow these immediate steps and implement long-term security practices.

Immediate Steps to Take

Update affected products to version R8 V3.4.0.2 or later
Monitor for any unauthorized access

Long-Term Security Practices

Implement strong session management controls
Regularly update and patch all network-connected devices
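The following is an added illustration of the session management control the advisory calls for; it is example code written for this page, not Schneider Electric's EVlink firmware or any vendor code. It contrasts a weak session store, where a token stays valid until explicit logout regardless of what happens to the password (the CWE-614 pattern described above), with a hardened store that ties each session to the credential generation it was issued under and also enforces idle and absolute lifetimes. All class and user names (Users, WeakSessionStore, HardenedSessionStore, the "operator" account and its passwords) are constructed assumptions.

```python
import hashlib
import hmac
import secrets


class Users:
    """Constructed credential store: username -> (salt, PBKDF2 digest). Hypothetical."""
    def __init__(self):
        self._db = {}

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, name, password):
        salt = secrets.token_bytes(16)
        self._db[name] = (salt, self._digest(password, salt))

    def verify(self, name, password):
        rec = self._db.get(name)
        return rec is not None and hmac.compare_digest(self._digest(password, rec[0]), rec[1])


class FakeClock:
    """Controllable clock so the timeouts can be exercised deterministically."""
    def __init__(self, start=1_000_000.0):
        self.t = start

    def __call__(self):
        return self.t


class WeakSessionStore:
    """Weak pattern: a token is valid until explicit logout and is not tied to the
    credentials it was issued under, so a password change leaves old sessions alive."""
    def __init__(self, users):
        self.users = users
        self._sessions = {}  # token -> username

    def login(self, name, password):
        if not self.users.verify(name, password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = name
        return token

    def user_for(self, token):
        return self._sessions.get(token)

    def change_password(self, token, old_pw, new_pw):
        name = self.user_for(token)
        if name is None or not self.users.verify(name, old_pw):
            return False
        self.users.set_password(name, new_pw)
        return True  # existing sessions untouched: this is the CWE-614 defect


class HardenedSessionStore:
    """Hardened pattern: each session records the credential generation it was issued
    under plus creation and last-use times. A password change bumps the generation,
    revoking every session issued under the old credentials, and idle/absolute
    lifetimes bound how long any token stays valid even without a password change."""
    IDLE_TIMEOUT = 15 * 60       # seconds without activity
    ABSOLUTE_TIMEOUT = 8 * 3600  # seconds since login, regardless of activity

    def __init__(self, users, clock):
        self.users = users
        self.clock = clock
        self._sessions = {}    # token -> {"user", "gen", "created", "last_seen"}
        self._generation = {}  # username -> int, bumped on each password change

    def login(self, name, password):
        if not self.users.verify(name, password):
            return None
        token = secrets.token_urlsafe(32)
        now = self.clock()
        self._sessions[token] = {"user": name, "gen": self._generation.get(name, 0),
                                 "created": now, "last_seen": now}
        return token

    def user_for(self, token):
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self.clock()
        expired = (now - s["last_seen"] > self.IDLE_TIMEOUT
                   or now - s["created"] > self.ABSOLUTE_TIMEOUT)
        stale = s["gen"] != self._generation.get(s["user"], 0)
        if expired or stale:
            del self._sessions[token]  # purge rather than keep a dead token around
            return None
        s["last_seen"] = now
        return s["user"]

    def change_password(self, token, old_pw, new_pw):
        name = self.user_for(token)
        if name is None or not self.users.verify(name, old_pw):
            return False
        self.users.set_password(name, new_pw)
        # Bumping the generation revokes every existing session for this user,
        # including the caller's own; the user logs in again with the new password.
        self._generation[name] = self._generation.get(name, 0) + 1
        return True


def demo():
    """Runs both stores through the advisory's scenario: a previously obtained
    session token is held while the legitimate user changes the password."""
    clock, users = FakeClock(), Users()
    users.set_password("operator", "old-password")  # constructed sample account

    weak = WeakSessionStore(users)
    held, owner = weak.login("operator", "old-password"), weak.login("operator", "old-password")
    weak.change_password(owner, "old-password", "new-password")
    weak_survives = weak.user_for(held) == "operator"  # True: old token still works

    users.set_password("operator", "old-password")
    hard = HardenedSessionStore(users, clock)
    held, owner = hard.login("operator", "old-password"), hard.login("operator", "old-password")
    hard.change_password(owner, "old-password", "new-password")
    hard_survives = hard.user_for(held) == "operator"  # False: revoked by generation bump

    fresh = hard.login("operator", "new-password")
    clock.t += HardenedSessionStore.IDLE_TIMEOUT + 1
    idle_survives = hard.user_for(fresh) == "operator"  # False: idle timeout

    return {"weak_survives": weak_survives, "hard_survives": hard_survives,
            "idle_survives": idle_survives}
```

The generation counter is the piece that directly addresses the behaviour in the advisory: it is the cheapest way to revoke every session a user holds without having to enumerate them, and it also serves as a single hook for other credential events (password reset by an administrator, account lockout). The two timeouts are the rest of what CWE-614 asks for, so that a token which is never explicitly logged out still dies on its own.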

Patching and Updates

Ensure all Schneider Electric products are regularly updated with the latest security patches and fixes.
