Description

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism.

Related CPE's

o

schneider-electric

evlink_city_evc1s22p4_firmware

Vulnerable

h

schneider-electric

evlink_city_evc1s22p4

-

o

schneider-electric

evlink_city_evc1s7p4_firmware

Vulnerable

h

schneider-electric

evlink_city_evc1s7p4

-

o

schneider-electric

evlink_parking_evw2_firmware

Vulnerable

h

schneider-electric

evlink_parking_evw2

-

o

schneider-electric

evlink_parking_evf2_firmware

Vulnerable

h

schneider-electric

evlink_parking_evf2

-

o

schneider-electric

evlink_parking_ev.2_firmware

Vulnerable

h

schneider-electric

evlink_parking_ev.2

-

o

schneider-electric

evlink_smart_wallbox_evb1a_firmware

Vulnerable

h

schneider-electric

evlink_smart_wallbox_evb1a

-

References

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-347

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-07-21T15:15:14.270

3 years ago

Last modified

2021-07-28T14:44:57.037

3 years ago