Products

Solutions

Company

Book A Live Demo

CVE-2021-22728 : Security Advisory and Response

Discover the impact of CVE-2021-22728, an Information Exposure vulnerability in EVlink City, EVlink Parking, and EVlink Smart Wallbox, potentially leading to encrypted credentials disclosure.

A CWE-200: Information Exposure vulnerability exists in EVlink City, EVlink Parking, and EVlink Smart Wallbox that could lead to the disclosure of encrypted credentials when consulting the maintenance report.

Understanding CVE-2021-22728

This CVE involves an Information Exposure vulnerability in Schneider Electric's EVlink City, EVlink Parking, and EVlink Smart Wallbox.

What is CVE-2021-22728?

CVE-2021-22728 highlights a security flaw in multiple Schneider Electric products that could potentially expose encrypted credentials when accessing maintenance reports.

The Impact of CVE-2021-22728

If exploited, this vulnerability could result in the unauthorized disclosure of sensitive information, including encrypted credentials, posing a risk to the confidentiality of user data.

Technical Details of CVE-2021-22728

This section provides a deeper insight into the vulnerability's description, affected systems and versions, as well as the exploitation mechanism.

Vulnerability Description

The vulnerability allows for the exposure of encrypted credentials during the maintenance report retrieval process in EVlink City, EVlink Parking, and EVlink Smart Wallbox.

Affected Systems and Versions

EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) are impacted by this vulnerability.

Exploitation Mechanism

By exploiting this vulnerability, threat actors could potentially gain unauthorized access to sensitive encrypted credentials during the maintenance report query process.

Mitigation and Prevention

Explore the necessary steps for immediate resolution and long-term security practices to safeguard against CVE-2021-22728.

Immediate Steps to Take

Immediately update affected devices to the latest version (R8 V3.4.0.1) to mitigate the Information Exposure vulnerability.

Long-Term Security Practices

Implement robust security measures, such as regular security audits and user awareness training, to enhance overall cybersecurity posture.

Patching and Updates

Stay informed about security updates from Schneider Electric and promptly apply patches and firmware updates to address known vulnerabilities.

CVE-2021-22728 : Security Advisory and Response

Understanding CVE-2021-22728

What is CVE-2021-22728?

The Impact of CVE-2021-22728

Technical Details of CVE-2021-22728

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CVE-2021-22728 : Security Advisory and Response

.css-lczsrn{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:24px;font-weight:700;margin-top:1rem;font-family:sans-serif;}Understanding CVE-2021-22728

.css-ru2q5j{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:1.2rem;font-weight:700;margin-top:1rem;margin-bottom:0rem;font-family:sans-serif;}What is CVE-2021-22728?

The Impact of CVE-2021-22728

Technical Details of CVE-2021-22728

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities? Find Out Now

Understanding CVE-2021-22728

What is CVE-2021-22728?

Is your System Free of Underlying Vulnerabilities?
Find Out Now