A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an malicious user to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
schneider-electric evlink_city_evc1s22p4_firmware |
||
schneider-electric evlink_city_evc1s7p4_firmware |
||
schneider-electric evlink_parking_evw2_firmware |
||
schneider-electric evlink_parking_evf2_firmware |
||
schneider-electric evlink_parking_evp2pe_firmware |
||
schneider-electric evlink_smart_wallbox_evb1a_firmware |