Author: 中国黑客网

Schneider Electric EVlink Session Management Vulnerability

中国黑客网, 3 weeks ago (07-17 20:47)

Affected systems:

Schneider Electric EVlink City EVC1S22P4 < R8 3.4.0.2

Schneider Electric EVlink City EVC1S7P4 < R8 3.4.0.2

Schneider Electric EVlink Parking EVW2 < R8 3.4.0.2

Schneider Electric EVlink Parking EVF2 < R8 3.4.0.2

Schneider Electric EVlink Smart Wallbox EVB1A < R8 3.4.0.2

Schneider Electric EVlink Parking EVP2PE < R8 3.4.0.2

Description:

--------------------------------------------------------------------------------

CVE(CAN) ID: CVE-2021-22820

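Schneider Electric EVlink City and the other products listed above are electric vehicle charging station solutions from the French company Schneider Electric.

Multiple Schneider Electric products contain a session management vulnerability. Even after the legitimate account holder has changed the password, an attacker can still exploit the vulnerability to access the charging station's web server, without authorization, through the hijacked session.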


<*Source: Tony Marcel Nasr


Link: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02

*>
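
The failure mode described above (a session that stays valid after the account password changes) and one common way to close it, shown as an added example. This is not Schneider Electric code and not part of the original advisory; the class, its methods and the sample credentials are hypothetical. Each session records the credential version in force at login, and a password change bumps that version so that older sessions are rejected.

```python
import hashlib
import hmac
import secrets

# Added illustration only: a generic in-memory session store, not vendor firmware.


class SessionStore:
    """Binds every session to the credential version that was current at login."""

    def __init__(self, revoke_on_password_change=True):
        self.revoke = revoke_on_password_change
        self.users = {}     # username -> (salt, password_hash, credential_version)
        self.sessions = {}  # token -> (username, credential_version at login)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        old_version = self.users[user][2] if user in self.users else 0
        # Weak mode models the flaw: the version never moves, so sessions
        # issued under the old password keep passing authenticate().
        version = old_version + 1 if self.revoke else old_version
        self.users[user] = (salt, self._hash(password, salt), version)

    def login(self, user, password):
        record = self.users.get(user)
        if record is None:
            return None
        salt, stored, version = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, version)
        return token

    def authenticate(self, token):
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, version = entry
        if self.users[user][2] != version:
            del self.sessions[token]  # session predates the current password
            return None
        return user
```

Constructing the store with `revoke_on_password_change=False` reproduces the weak behaviour for comparison; the default rejects any session issued before the most recent password change.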


Recommendation:

--------------------------------------------------------------------------------

Vendor patch:


Schneider Electric

------------------

Schneider Electric has released a security notification (SEVD-2021-348-02) and corresponding patches for this issue:

SEVD-2021-348-02: Schneider Electric Security Notification

Link: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02