Schneider Electric car charging station vulnerabilities allowed stolen cables, halted charging

News by Robert Abel

Positive Technologies researchers have released details concerning the vulnerabilities patched last month in the Schneider Electric car charging stations.

One of the vulnerabilities (CVE-2018-7800) enables access with maximum privileges to the charging station and could allow an attacker to stop the charging process and switch the device to reservation mode, making it inaccessible to customers until the machine is rebooted, according to a 14 January blog post.

The attacker could even unlock the charging cable from the device while it is charging a vehicle, allowing them to steal the entire cable, ultimately leading to financial losses for the energy sector and uncharged vehicles for customers.

Two other vulnerabilities found, CVE-2018-7801 and CVE-2018-7802, allow hackers to gain access to the device with maximum privileges and to bypass authorisation to gain access to the web interface with full privileges, respectively.

"Schneider Electric products are widely used in countries all over the world where the electric vehicle industry is developing. Exploitation of these vulnerabilities may lead to serious consequences," Positive Technologies Industry and SCADA Research Analyst Paolo Emiliani said in the blog. "Attackers can actually block electric car charging and cause serious damage to the energy industry."

This article was originally published on SC Media US.
