
Schneider Electric car charging station vulnerabilities allowed stolen cables, halted charging


Positive Technologies researchers have released details concerning the vulnerabilities patched last month in the Schneider Electric car charging stations.

One of the vulnerabilities (CVE-2018-7800) enables access with maximum privileges to the charging station and could allow an attacker to stop the charging process and switch the device to reservation mode, making it inaccessible to customers until the machine is rebooted, according to a Jan. 14 blog post.

The attacker could even unlock the charging cable from the device while it is charging a vehicle, allowing them to steal the entire cable, ultimately leading to financial losses for the energy sector and uncharged vehicles for customers.

Two other vulnerabilities found, CVE-2018-7801 and CVE-2018-7802, allow hackers to gain access to the device with maximum privileges and bypass authorization to gain access to the web interface with full privileges, respectively.

"Schneider Electric products are widely used in countries all over the world where the electric vehicle industry is developing. Exploitation of these vulnerabilities may lead to serious consequences," Positive Technologies Industry and SCADA Research Analyst Paolo Emiliani said in the blog. "Attackers can actually block electric car charging and cause serious damage to the energy industry."
