Incident Response, Patch/Configuration Management, TDR, Vulnerability Management

Critical vulnerability patched in Schneider Electric car charging stations


Schneider Electric is warning users of multiple vulnerabilities in the EVLink Parking product including a “critical” vulnerability.

The critical vulnerability is caused by hard-coded credentials that allows an attacker to gain access to the device, according to a Dec. 20 security notification issued by the firm.

Schneider Electric also patched a “High” rated code Injection vulnerability which could also allow an attacker to gain access to the device as well as a “Medium” rated SQL Injection vulnerability which could give access to the web interface with full privileges.

The vulnerabilities affect EVLink Parking v3.2.0-12_v1 and earlier versions and researchers have already released a patch to address the bugs. Users may also set up a firewall to block remote/external access except by authorized users as a workaround or mitigation to reduce risk and best practices as always are strongly advised.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.