Schneider Electric EVLink Parking ICSA-19-031-01 Multiple Security Vulnerabilities

Bugtraq ID:	106807
Class:	Design Error
CVE:	CVE-2018-7800 CVE-2018-7801 CVE-2018-7802
Remote:	Yes
Local:	No
Published:	Jan 31 2019 12:00AM
Updated:	Jan 31 2019 12:00AM
Credit:	Vladimir Kononovich and Vyacheslav Moskvin of Positive Technologies
Vulnerable:	Schneider-Electric EVLink Parking 3.2.0-12_v1
Not Vulnerable:

Schneider Electric EVLink Parking ICSA-19-031-01 Multiple Security Vulnerabilities

Schneider Electric EVLink Parking is prone to multiple security vulnerabilities.

An attacker can leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, inject code, execute arbitrary code, or gain access to the affected system.

EVLink Parking Versions 3.2.0-12_v1 and prior are vulnerable.

Schneider Electric EVLink Parking ICSA-19-031-01 Multiple Security Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Schneider Electric EVLink Parking ICSA-19-031-01 Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Schneider Electric EVLink Parking ICSA-19-031-01 Multiple Security Vulnerabilities

References:

• Schneider Electric Home Page (Schneider Electric)
  
• ICSA-19-031-01 Schneider Electric EVLink Parking (CERT)
  
• Security Notification �?? EVLink Parking (Schneider Electric)
  
• Security Notification �?? EVLink Parking (Schneider Electric)