Critical Bug Patched in Schneider Electric Vehicle Charging Station

Vulnerability in electric car charging stations could allow attackers to compromise devices.

Schneider Electric is warning about a critical vulnerability in its EVLink Parking devices – a line of electric vehicle charging stations. The energy management and automation giant said the vulnerability is tied to a hard-coded credential in the device that could enable attackers to gain access to the system.

Affected are EVLink Parking floor-standing units (v3.2.0-12_v1 and earlier). The vulnerability (CVE-2018-7800) is one of three fixes issued by Schneider last week (PDF) impacting the electric charging stations. The company also issued warnings and fixes for a code injection vulnerability (CVE-2018-7801) and SQL injection bug (CVE-2018-7802).

The code injection bug is rated high (CVSS 8.8) and “could enable access with maximum privileges when a remote code execution is performed,” according to the security bulletin. The SQL Injection vulnerability “could give access to the web interface with full privileges,” the company said of the bug rated medium (CVSS 6.4).

EVLink Parking stations are typically found at offices, hotels, supermarkets and fleet hubs. The patch can be applied, but the company also offers a number of ways to mitigate risk such as “set up a firewall to block remote/external access except by authorized users.”

It’s unclear what type of additional access an attacker might gain via a compromised EVLink Parking device. The device itself is part of a full EVLink Parking networked solution that includes the charging station, EVLink insights (online portal) and vehicle maintenance and support services. These systems then link to a central system via the cloud for remote management.

A report issued earlier this month by Kaspersky Lab outlined a number of potential vulnerabilities affecting a wide range of electric vehicle charging stations. Researchers looked into one of the stations, dubbed the ChargePoint Home offering, and found a raft of vulnerabilities (PDF) that could give an attacker unfettered access to the device.

“All an attacker needs to do to conduct an attack is obtain Wi-Fi access to the network the charger is connected to,” Kaspersky Lab researchers said. “Since the devices are made for domestic use, security for the wireless network is likely to be limited. This means that attackers could gain access easily, for example by bruteforcing all possible password options, which is quite common.”

Researchers noted that EV communication protocols are vulnerable to attack, as are EV payment systems and the security of backend communications.

Credited with discovering the Schneider bugs are Vladimir Kononovich and Vyacheslav Moskvin, researchers with Positive Technologies.

Original article: https://www.cnblogs.com/luxiaoyi/p/10184086.html

Time: 2024-10-07 00:33:25
