Schneider-electric Evlink Parking Evf2 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Schneider-electric Evlink Parking Evf2 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2021-22707 — CVSS 9.8 (critical): A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1)…
CVE-2021-22729 — CVSS 9.8 (critical): A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink…
CVE-2021-22730 — CVSS 9.8 (critical): A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1)…
CVE-2021-22727 — CVSS 9.8 (critical): A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink…
CVE-2021-22820 — CVSS 9.8 (critical): A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a…
CVE-2021-22821 — CVSS 8.6 (high): A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended…
CVE-2021-22726 — CVSS 8.1 (high): A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1)…
CVE-2021-22774 — CVSS 7.5 (high): A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8…
CVE-2021-22818 — CVSS 7.5 (high): A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized…
CVE-2021-22708 — CVSS 7.2 (high): A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to…
CVE-2021-22728 — CVSS 6.5 (medium): A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink…
CVE-2021-22773 — CVSS 6.5 (medium): A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink…
CVE-2021-22822 — CVSS 6.1 (medium): A CWE-79 Improper Neutralization of Input During Web Page Generation (�Cross-site Scripting�) vulnerability exists that could allow an…
CVE-2021-22723 — CVSS 6.1 (medium): A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF)…
CVE-2021-22706 — CVSS 6.1 (medium): A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in EVlink City…
CVE-2021-22722 — CVSS 5.4 (medium): A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City…
CVE-2021-22721 — CVSS 5.3 (medium): A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink…
CVE-2021-22819 — CVSS 4.3 (medium): A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the…