OTPulse

Schneider Electric EVLink WallBox (Update A)

Monitor | CVSS 7.2 | ICS-CERT ICSA-25-175-04 | Jun 10, 2025
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities exist in Schneider Electric EVLink WallBox charging stations affecting all versions. The vulnerabilities include arbitrary file read (CWE-22), cross-site scripting (CWE-79), and remote code execution (CWE-78). An authenticated user with access to the web server could exploit these to disclose information, interrupt charging service, or gain full control of the charging station. The vulnerabilities require authentication but pose significant risk if default credentials are not changed or if the device is accessible to unauthorized network users.

What this means
What could happen
An authenticated attacker could read arbitrary files, execute remote code on the charging station, or inject malicious scripts into the web interface. This could allow an attacker to disable charging functionality, extract sensitive data, or gain full control of the device and potentially compromise the home or building network.
Who's at risk
Electric vehicle charging station owners and facility managers responsible for EVLink WallBox devices used in home networks, small office networks, or private residential charging installations. This affects any organization or individual operating Schneider Electric EVLink WallBox equipment, in any version.
How it could be exploited
An attacker with valid credentials to the EVLink WallBox web server could exploit file traversal (CWE-22), cross-site scripting (CWE-79), or command injection (CWE-78) vulnerabilities to read files on the device, inject malicious JavaScript into web pages served to other users, or execute arbitrary commands with the privileges of the web server process.
Prerequisites
  • Valid web server credentials (username and password)
  • Network access to the EVLink WallBox web interface (port 80 or 443, or configured admin port)
  • Device must be reachable from the attacker's network segment
  • Requires authenticated access (reduces immediate risk but increases insider threat)
  • Low complexity attack (straightforward exploitation once credentials obtained)
  • No patch available (end-of-life product or vendor will not issue fix)
  • High CVSS score (7.2)
  • Affects home/building network infrastructure
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
EVLink WallBox All versions | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Change the default administrator password immediately upon device receipt and after any factory reset. Ensure passwords are at least 20 characters and include uppercase, lowercase, numbers, and special characters.
HARDENING: Do not expose the device to the public internet. Disable port forwarding to the device's web interface and ensure it only receives requests from the local home or office network.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Enable the strongest available Wi-Fi encryption (WPA3, or WPA2/3 with protected management frames) if the device connects wirelessly.
Long-term hardening
WORKAROUND: Schedule regular reboots of routers, smartphones, and computers connected to the same network as the EVLink WallBox to limit the exposure window from any compromised devices.
Mitigations - no patch available
EVLink WallBox All versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate the EVLink WallBox on a dedicated network segment using a guest network or VLAN separate from user devices and IT infrastructure.
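
One way to verify the isolation and no-exposure controls above, as an added example (not part of the advisory or any Schneider Electric tooling): run from a host on the user segment, it probes the web ports listed under Prerequisites and passes only if none accepts a connection. The function names, the script name and the charger address given on the command line are assumptions.

```python
import errno
import socket
import sys

# Ports named under Prerequisites; append the configured admin port if one is set.
WEB_PORTS = (80, 443)


def probe(host, port, timeout=2.0):
    """Classify one TCP port: 'open', 'closed' (refused) or 'filtered' (no answer)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex returns an errno instead of raising for connect failures;
        # name-resolution errors still raise, so a typo cannot look like a pass.
        rc = s.connect_ex((host, port))
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    return "filtered"  # timeout, host/network unreachable, firewall drop


def audit_isolation(host, ports=WEB_PORTS, timeout=2.0):
    """Return (ok, results); ok is True only if no web port accepts a connection."""
    results = {p: probe(host, p, timeout) for p in ports}
    return all(state != "open" for state in results.values()), results


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_isolation.py <charger-address>")
    ok, results = audit_isolation(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{sys.argv[1]}:{port} {state}")
    print("PASS: web interface not reachable from this segment" if ok
          else "FAIL: web interface reachable; check VLAN/guest-network rules")
    sys.exit(0 if ok else 1)
```

Once the charger sits on its own segment, every port should report "filtered" or "closed" when the script is run from a laptop on the user network.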