Schneider Electric EVLink Parking

1. EXECUTIVE SUMMARY

  • CVSS v3 9.8
  • ATTENTION: Exploitable remotely/low skill level to exploit
  • Vendor: Schneider Electric
  • Equipment: EVLink Parking
  • Vulnerabilities: Use of Hard-coded Credentials, Code Injection, SQL Injection

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to stop the device and prevent charging, execute arbitrary commands, and access the web interface with full privileges.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of EVLink Parking, an electric vehicle charging station, are affected:

  • EVLink Parking Versions 3.2.0-12_v1 and prior.

3.2 VULNERABILITY OVERVIEW

3.2.1    USE OF HARD-CODED CREDENTIALS CWE-798

A hard-coded credentials vulnerability exists that could enable an attacker to gain access to the device.

CVE-2018-7800 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.2    IMPROPER CONTROL OF GENERATION OF CODE (‘CODE INJECTION’) CWE-94

A code injection vulnerability exists that could allow remote code execution with maximum privileges.

CVE-2018-7801 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.3    IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (‘SQL INJECTION’) CWE-89

A SQL injection vulnerability exists that could give an attacker access to the web interface with full privileges.

CVE-2018-7802 has been assigned to this vulnerability. A CVSS v3 base score of 6.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Transportation
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

4. MITIGATIONS

SCS recommends users setup a firewall to restrict remote access to the charging stations by unauthorized users. A software update is also available for download to mitigate these vulnerabilities:

https://www.schneider-electric.com/en/download/range/60850-EVlink Parking/?docTypeGroup=3541958-Software/Firmware

For more information see Schneider Electric’s security notification which can be viewed at the following link:

https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/

Leave a Reply

Your email address will not be published. Required fields are marked *