Schneider Electric is warning users of multiple vulnerabilities in the EVLink Parking product including a “critical” vulnerability.The critical vulnerability is caused by hard-coded credentials that allows an attacker to gain access to the device, according to a Dec. 20 security notification issued by the firm.Schneider Electric also patched a “High” rated code Injection vulnerability which could also allow an attacker to gain access to the device as well as a “Medium” rated SQL Injection vulnerability which could give access to the web interface with full privileges.The vulnerabilities affect EVLink Parking v3.2.0-12_v1 and earlier versions and researchers have already released a patch to address the bugs. Users may also set up a firewall to block remote/external access except by authorized users as a workaround or mitigation to reduce risk and best practices as always are strongly advised.
Incident Response, Patch/Configuration Management, TDR, Vulnerability Management
Critical vulnerability patched in Schneider Electric car charging stations
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



