OTPulse

Schneider Electric EVlink Home Smart and Schneider Charge

Plan Patch | CVSS 8.5 | ICS-CERT ICSA-25-023-03 | Oct 8, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Schneider Electric EVlink Home Smart and Schneider Charge charging stations contain a vulnerability that could disclose confidential information related to internal test equipment and diagnostic features. The vulnerability affects only non-production test functionality embedded in the devices; it does not compromise customer personal data or normal charging operations. Schneider has released fixed firmware versions (EVlink Home Smart 2.0.6.0.0 and Schneider Charge 1.13.4) that have been automatically deployed to all connected units via the Wiser platform. For new installations, the fix is enforced through the eSetup commissioning application.

What this means
What could happen
A vulnerability in EVlink Home Smart and Schneider Charge charging stations could disclose confidential information related to test equipment and diagnostic features. This affects only non-production test functionality, not customer operational data or station control capabilities.
Who's at risk
Energy utilities and facilities managing Schneider Electric EV charging infrastructure should assess their EVlink Home Smart and Schneider Charge installations. This affects charging station deployment in commercial and residential settings managed through the Wiser platform.
How it could be exploited
An attacker with local access to an affected charging station could exploit the vulnerability to access internal test equipment information or diagnostic features. The vulnerability is not remotely exploitable and does not affect normal charging operations or customer data.
Prerequisites
  • Local physical access to the charging station
  • Charging station running firmware version prior to 2.0.6.0.0 (EVlink Home Smart) or 1.13.4 (Schneider Charge)
  • Knowledge of test features or diagnostic interfaces
  • Low complexity exploitation
  • Local access required (limits risk)
  • Test/diagnostic feature exposure only
  • Vendor has deployed automatic remediation
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
EVlink Home Smart | all < 2.0.6.0.0 | 2.0.6.0.0
Schneider Charge | all < 1.13.4 | 1.13.4
Remediation & Mitigation
Do now
  • HARDENING: Ensure charging stations are connected to the Wiser application to receive and install automatic firmware updates
  • HARDENING: Verify installed firmware version through Wiser application settings page or third-party supervision application
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update EVlink Home Smart to firmware version 2.0.6.0.0 or later
  • HOTFIX: Update Schneider Charge to version 1.13.4 or later
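
The firmware verification step above, as an added example (not code from Schneider Electric or OTPulse): it audits a station inventory against the fixed versions and compares versions numerically, because a plain string comparison would rank 1.9.2 above 1.13.4. The CSV columns and station names are constructed assumptions, not a Wiser export format.

```python
import csv
import io

# Fixed firmware versions stated in the advisory above.
FIXED = {
    "EVlink Home Smart": "2.0.6.0.0",
    "Schneider Charge": "1.13.4",
}

def parse_version(text):
    """Turn '1.13.4' into (1, 13, 4) so fields compare as numbers, not strings."""
    return tuple(int(part) for part in text.strip().split("."))

def is_fixed(product, installed):
    """True when installed >= fixed version; shorter versions are zero-padded."""
    have, need = parse_version(installed), parse_version(FIXED[product])
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have >= need

def audit(inventory_csv):
    """Return (station, product, firmware, status) for stations needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product, fw = row["product"].strip(), row["firmware"].strip()
        if product not in FIXED:
            continue  # product not covered by this advisory
        try:
            status = "ok" if is_fixed(product, fw) else "update"
        except ValueError:
            status = "unknown"  # blank or non-numeric version: verify manually
        if status != "ok":
            findings.append((row["station"], product, fw, status))
    return findings

# Constructed sample inventory (hypothetical column names and station ids).
SAMPLE = """station,product,firmware
garage-01,EVlink Home Smart,2.0.5.1.0
garage-02,EVlink Home Smart,2.0.6.0.0
lot-a-03,Schneider Charge,1.9.2
lot-a-04,Schneider Charge,1.13.4
lot-b-05,Schneider Charge,
lot-b-06,EVlink Home Smart,2.1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Stations reported as "unknown" have no parseable version in the inventory and need a manual check in the Wiser application settings page.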
Schneider Electric EVlink Home Smart and Schneider Charge | CVSS 8.5 - OTPulse