Vulnerability in electric car charging stations could allow attackers to compromise devices.
Schneider Electric is warning about a critical vulnerability in its EVLink Parking devices – a line of electric vehicle charging stations. The energy management and automation giant said the vulnerability is tied to a hard-coded credential bug that exists within the device that could enable attackers to gain access to the system.
Affected are EVLink Parking floor-standing units (v3.2.0-12_v1 and earlier). The vulnerability (CVE-2018-7800) is one of three fixes issued by Schneider last week (PDF) impacting the electric charging stations. The company also issued warnings and fixes for a code injection vulnerability (CVE-2018-7801) and SQL injection bug (CVE-2018-7802).