SEVD-2022-039-02
Schneider Electric is aware of multiple vulnerabilities in its EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System) products. The EcoStruxure EV Charging Expert products are load management, access management and supervision solutions for EV charging infrastructure. Failure to apply the available remediations may risk unauthorized access to the product’s web server, which could lead to tampering and compromise of the product’s settings and accounts. Such tampering could lead to outcomes such as denial-of-service attacks, which could result in unauthorized use of the managed EV charging stations, service interruptions, failure to communicate with the supervision system, and the modification and disclosure of the product’s configuration. In addition to applying the available remediations, to limit the risk of a product being compromised, Schneider Electric recommends that customers follow and apply network security best practices and ensure that the products are not accessible from the internet, as outlined in the General Security Recommendations section.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | EcoStruxure EV Charging | versions prior to SP8 (Version 01) V4.0.0.13 |
| Schneider Electric | EcoStruxure EV Charging | SP8 (Version 01) V4.0.0.13 |
Timeline
- Feb 8, 2022 CVE Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-039-02_EcoStruxure_EV_Charging_Expert_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2022-039-02.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://www.se.com/ww/en/product-range/62159-ecostruxure-ev-charging-expert/#software-and-firmware fix