A critical vulnerability in Schneider Electric's electric car charging stations could have allowed hackers to compromise systems. At this time, patches have already been released for this vulnerability.
Cybersecurity experts have found that payment systems, communication protocols, and backend communications on these devices are vulnerable to hacker attacks.
The critical vulnerability that allows hackers to gain access to the system is specifically found in Schneider Electric’s EVLink Parking devices. Schneider Electric has announced that the flaw is related to a hard-coded credential bug that exists within the EVLink Parking device. This charging station series is designed for secure parking areas, for example, private or paid parking lots.
The company also reported that the vulnerability affects EVLink Parking devices v3.2.0-12_v1 and earlier.
The security issue has been identified as CVE-2018-7800 and is one of three vulnerabilities patched by the release of the latest Schneider update.
The other two fixed vulnerabilities are a code injection flaw, CVE-2018-7801, and a SQL injection vulnerability, CVE-2018-7802.
The CVE-2018-7801 flaw is rated high, with a CVSS score of 8.8, as it could allow hackers access with maximum privileges through remote code execution.
The CVE-2018-7802 vulnerability is considered medium risk, with a CVSS score of 6.4, and it could give access to the web interface with full privileges.
The company advises users to use a firewall to block any external hacker access.
It is not yet clear, however, exactly what access hackers could gain if they compromise an EVLink Parking device. The complete EVLink Parking network solution includes a charging station, an EVLink online portal, and vehicle maintenance services. These systems are connected to the central system via a cloud so they can be remotely controlled. Obviously, our own security as consumers could face some risks due to the care of nature.