Critical Bug Patched in Schneider Electric Vehicle Charging Station

Vulnerability in electric car charging stations could allow attackers to compromise devices.

Schneider Electric is warning about a critical vulnerability in its EVLink Parking devices – a line of electric vehicle charging stations. The energy management and automation giant said the vulnerability is tied to a hard-coded credential bug that exists within the device that could enable attackers to gain access to the system.

Affected are EVLink Parking floor-standing units (v3.2.0-12_v1 and earlier). The vulnerability (CVE-2018-7800) is one of three fixes issued by Schneider last week (PDF) impacting the electric charging stations. The company also issued warnings and fixes for a code injection vulnerability (CVE-2018-7801) and SQL injection bug (CVE-2018-7802).

Read more…
Source: ThreatPost