CVE-2021-22707 Scanner
Detects 'Authentication Bypass' vulnerability in EVlink City affects v. prior to 3.4.0.1.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
30 days
Scan only one
Domain, IPv4
Toolbox
-
Vulnerability Overview:
CVE Identifier: CVE-2021-22707
Affected Products: EVlink City, EVlink Parking, and EVlink Smart Wallbox (versions prior to R8 V3.4.0.1)
Severity: Critical
Impact: Attackers can exploit this vulnerability to gain unauthorized administrative access to the charging station's web server, potentially leading to information disclosure, modification of data, or disruption of the charging service.
Vulnerability Details:
CVE-2021-22707 is a result of the implementation of hard-coded credentials within the firmware of affected EVlink products. These credentials can be used by attackers to authenticate as administrators without proper authorization. The vulnerability specifically exists within the web server of the charging stations, which, when accessed with the hard-coded credentials, grants the attacker administrative capabilities. This exploitation can lead to unauthorized command execution, alteration of charging station settings, and access to sensitive information.
The use of hard-coded credentials is a significant security oversight, as it provides an easy vector for attackers to gain elevated access. The issue underscores the importance of adhering to secure programming practices, particularly the avoidance of embedding credentials directly within the application or firmware.
The Importance of Mitigating CVE-2021-22707:
Mitigating CVE-2021-22707 is crucial for several reasons. Firstly, it prevents unauthorized access to the charging station's management interface, safeguarding against potential malicious activities. Secondly, it protects the integrity of the charging infrastructure, ensuring that charging services remain available and reliable. Finally, addressing this vulnerability helps maintain user trust in the safety and security of EV charging solutions provided by Schneider Electric.
The vulnerability's exploitation could lead to significant disruptions, including the unauthorized manipulation of charging processes or the extraction of sensitive data. Therefore, prompt action is required to secure the charging stations against potential attacks.
Why S4E?
S4E offers a dedicated CVE-2021-22707 Scanner, enabling organizations to identify and address this critical vulnerability swiftly. Our comprehensive scanning solutions are designed to detect vulnerabilities effectively, providing detailed insights and recommendations for enhancing the security posture of affected EVlink charging stations.
References