Schneider Electric recently patched three security flaws in a popular type of electric-car charger that it manufactures, vulnerability assessment company Positive Technologies said Monday. The most serious of the vulnerabilities in the EVlink charging stations involved hard-coded credentials, meaning the units were shipped with default passwords or security keys embedded in their firmware. If hackers discover such credentials in any type of device, they can use them to gain wide access to them. Schneider and Positive Technologies labeled that flaw as “critical,” saying an intruder could halt the charging process and switch it into “reservation mode,” making a station unusable to anyone until the mode is turned off. Hackers could even control the socket locking hatch, letting them unlock and “walk away with the cable,” Positive Technologies said. A second vulnerability, rated as “high-risk,” allows for an attacker to execute arbitrary commands on the station and gain maximum privileges. And another vulnerability labeled as “medium” risk would let an attacker bypass authorization and access a […]
The post Schneider Electric’s car charging stations get crucial patches appeared first on CyberScoop.
Continue reading Schneider Electric’s car charging stations get crucial patches→