N/A

A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)

N/A

N/A

多款Schneider Electric产品代码问题漏洞

Schneider Electric EVlink City等都是法国施耐德电气（Schneider Electric）公司的电动汽车充电站的一款充电解决方案。 多款Schneider Electric产品存在安全漏洞，该漏洞允许攻击者在合法用户帐户更改了密码后，仍然可以通过劫持的会话对充电站web服务器进行未经授权的访问。以下产品及版本受到影响:EVlink City EVC1S22P4/EVC1S7P4 (R8 V3.4.0.2之前所有版本)、EVlink Parking EVW2/ EVF2/ EV

N/A

N/A