alpitronic Hypercharger EV Charger

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 8.3
  • ATTENTION: Exploitable remotely/Low attack complexity
  • Vendor: alpitronic
  • Equipment: Hypercharger EV charger
  • Vulnerability: Use of Default Credentials

2. RISK EVALUATION

Successful exploitation of this vulnerability could result in an attacker disabling the device, bypassing payment, or accessing payment data.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Hypercharger EV charger, a high power charging station, are affected:

  • Hypercharger EV charger: all versions

3.2 Vulnerability Overview

3.2.1 USE OF DEFAULT CREDENTIALS CWE-1392

If misconfigured, the charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator.

CVE-2024-4622 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).

A CVSS v4 score has been calculated for CVE-2024-4622. A base score of 8.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Transportation Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Italy

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article: