OTPulse

EVlink Home Smart

Priority: Monitor
CVSS: 6.5
Advisory: SEVD-2024-163-03
Published: Jun 11, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Schneider Electric EVlink Home Smart charging stations ship with an SSH interface that has not been disabled and is exposed on the local area network. This creates an information disclosure risk, allowing potential attackers on the network to discover and perform reconnaissance on the device. The vulnerability affects versions 2.0.4.1.2_131 and earlier (2.0.3.8.2_128). Failure to remediate exposes the charging station to network scanning and reconnaissance activities from malicious users on the same network.

What this means
What could happen
An attacker on your home network could discover and potentially access the EV charging station via an unprotected SSH interface, which may allow reconnaissance or further exploitation of the device.
Who's at risk
Homeowners and property managers with Schneider Electric EVlink Home Smart residential EV charging stations are affected. This includes any EV charging infrastructure connected to home or small-business networks that have internet connectivity through the Wiser application.
How it could be exploited
An attacker on the same local network (home Wi-Fi or wired LAN) can scan for open SSH ports and discover the EVlink Home Smart device. Once discovered, they could attempt to access the SSH interface without authentication to gather information about the device or look for credential-based exploitation opportunities.
Prerequisites
  • Network access to the charging station on the local network (home Wi-Fi or wired Ethernet)
  • No authentication required to discover the SSH interface
  • Remotely exploitable via local network
  • No authentication required to discover SSH interface
  • Low complexity attack
  • Affects residential and small commercial infrastructure
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 with fix
Product            Affected Versions   Fix Status
EVlink Home Smart  2.0.4.1.2 131       2.0.5.0.0_134
EVlink Home Smart  2.0.3.8.2 128       2.0.5.0.0_134
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

EVlink Home Smart
  • HOTFIX: Update EVlink Home Smart firmware to version 2.0.5.0.0_134 or later
All products
  • HOTFIX: Ensure the charging station is connected to the Wiser application so that the firmware update is automatically downloaded and installed
  • HOTFIX: Verify the installed firmware version through the Wiser application settings page after update
  • HOTFIX: If automatic updates are not available, manually check for and install the update through the Wiser application
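
The verification step can be scripted on a machine on the same LAN. The Python below is an added example, not Schneider Electric's or OTPulse's code: it compares a firmware version read from the Wiser application against the fixed release 2.0.5.0.0_134 and reports whether the charger still offers an SSH banner. TCP port 22, the address 192.0.2.10 and all function names are assumptions; the page does not name the port or state that the update closes it.

```python
import re
import socket

FIXED = "2.0.5.0.0_134"  # fixed firmware version named in the advisory

def parse_version(text):
    """Split '2.0.4.1.2_131' (or '2.0.4.1.2 131') into a tuple of ints."""
    parts = re.split(r"[._\s]+", text.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(installed, fixed=FIXED):
    """True when the installed firmware is older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)

def ssh_banner(host, port=22, timeout=3.0):
    """Return the SSH identification line offered by host:port, or None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(255)
    except OSError:
        return None  # closed, filtered, unreachable or silent
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return line if line.startswith("SSH-") else None

def check(installed, host, port=22):
    """Combine both checks into one status for the charger."""
    outdated = is_affected(installed)
    banner = ssh_banner(host, port)
    if outdated:
        status = "update required"
    elif banner:
        status = "updated, but SSH still reachable"
    else:
        status = "ok"
    return {"outdated": outdated, "ssh_banner": banner, "status": status}

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address (assumption); use the charger's LAN IP.
    # Port 22 is the default SSH port (assumption; the advisory page names no port).
    print(check("2.0.4.1.2_131", "192.0.2.10"))
```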