Schneider Electric EVLink WallBox (Update A)

MonitorCVSS 7.2ICS-CERT ICSA-25-175-04Jun 10, 2025

Schneider ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric EVLink WallBox contains multiple vulnerabilities (CWE-22 path traversal, CWE-79 cross-site scripting, CWE-78 remote code execution) accessible to authenticated users of the web interface. These vulnerabilities could allow information disclosure, service interruption, and complete control of the charging station. The vendor has not released a patch and recommends network isolation and security best practices as mitigation.

What this means

What could happen

An authenticated attacker could read arbitrary files, inject malicious code into the charging station's web interface, or execute remote commands, potentially causing service disruption or disabling vehicle charging functionality.

Who's at risk

Homeowners and small businesses using Schneider Electric EVLink WallBox charging stations for electric vehicle charging. This device is typically deployed in residential or private commercial properties and does not affect critical utility infrastructure, but impacts the reliability of home/site-based EV charging.

How it could be exploited

An attacker with valid credentials to the EVLink WallBox web interface could exploit path traversal (CWE-22) to access sensitive files, inject cross-site scripting payloads (CWE-79) to manipulate the interface, or execute system commands (CWE-78) via the authenticated web server to gain full device control.

Prerequisites

Valid admin credentials for the EVLink WallBox web interface
Network access to the charging station's web server
Device must be accessible from the attacker's network (not isolated or air-gapped)

authenticated access required (lowers immediate risk in isolated networks)no patch available (end-of-life product)affects availability and confidentiality of charging infrastructure

Exploitability

Some exploitation risk — EPSS score 1.2%

Affected products (1)

ProductAffected VersionsFix Status

EVLink WallBox All versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/4

WORKAROUNDChange the default admin password immediately to a strong password (20+ characters including uppercase, lowercase, numbers, and special characters)

HARDENINGIsolate the EVLink WallBox on its own network segment using a VLAN or guest network if your router supports it

HARDENINGDo NOT configure port forwarding or expose the device to a public IP address; keep it accessible only from your home network

HARDENINGEnable the strongest available Wi-Fi encryption (WPA3 or WPA2/3 with protected management frames)

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

WORKAROUNDSchedule regular reboots of your router, smartphones, and computers to clear any potential compromise

CVEs (4)

CVE-2025-5740 CVE-2025-5741 CVE-2025-5742 CVE-2025-5743

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/33c75d1b-8457-44af-89f5-bc012697255e

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.