Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label EVLink. Show all posts

New Vulnerabilities Expose EVlink Electric Vehicle Charging Stations to Remote Hacking

 

Schneider Electric confirmed the discovery and patching of multiple vulnerabilities in EVlink EV charging stations, which might expose these deployments to hostile hackers, in a security advisory. 

The flaws are found in the EVlink City (EVC1S22P4 and EVC1S7P4), Parking (EVW2, EVF2, and EVP2PE), and Smart Wallbox (EVB1A) equipment, as well as other items that will be terminated. 

Cross-site request forgery (CSRF) and cross-site scripting (XSS) flaws stand out among the vulnerabilities addressed, both of which could be used to launch actions impersonating legitimate users; additionally, a vulnerability was addressed that could give attackers complete access to charging stations via brute force attacks. 

According to the Common Vulnerability Scoring System, the most serious vulnerability obtained a score of 9.3/10. (CVSS). The firm warns that exploiting the major issue could result in serious consequences. 

Schneider’s notice stated, “Malicious manipulation of charging stations could lead to denial of service (DoS) attacks, deregistration, and disclosure of sensitive information.” 

The majority of these flaws require physical access to the system's internal communication ports, while some more sophisticated assaults can be carried out remotely over the Internet. The vulnerabilities entail sending specially crafted queries, according to Tony Nasr, the researcher who first disclosed the flaws, and exploitation does not require interaction from vulnerable users. 

“Attacks allow threat actors to exploit compromised EVCS in a similar way to the operation of a botnet, allowing the deployment of various attacks.” 

Exploiting the CSRF and XSS vulnerabilities, on the other hand, necessitates a certain level of user engagement. While Internet-oriented EVlink implementations are the most dangerous attack vector, cybercriminals might still pose a serious security risk to these stations over LAN, as the EVlink configuration needs network connectivity for remote control and more efficient management. 

Nasr concluded by stating that these flaws were discovered as part of a larger research on charging station management systems for electric vehicles. The study's full findings will be released in the coming months.