Cyber Resilience

CVE-2021-22819

Medium

Published: 28 January 2022

Published
28 January 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score 0.0021 43.0th percentile
Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-22819 is a medium-severity Improper Restriction of Rendered UI Layers or Frames (CWE-1021) vulnerability in Schneider-Electric Evlink City Evc1S22P4 Firmware. Its CVSS base score is 4.3 (Medium).

Operationally, ranked at the 43.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City…

more

EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

schneider-electric
evlink city evc1s22p4 firmware
≤ 3.4.0.2
schneider-electric
evlink city evc1s7p4 firmware
≤ 3.4.0.2
schneider-electric
evlink parking evw2 firmware
≤ 3.4.0.2
schneider-electric
evlink parking evf2 firmware
≤ 3.4.0.2
schneider-electric
evlink parking evp2pe firmware
≤ 3.4.0.2
schneider-electric
evlink smart wallbox evb1a firmware
≤ 3.4.0.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References