OTPulse

EVlink Home Smart and Schneider Charge

Plan Patch · CVSS 8.5 · SEVD-2024-282-04 · Oct 8, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Vulnerability in EVlink Home Smart and Schneider Charge charging stations related to potential disclosure of confidential information. The vulnerability involves exposure of remote test equipment and test features that are present in some units but removed from production versions. This does not relate to customer personal data and cannot be exploited to abuse the products. Affected versions: EVlink Home Smart below 2.0.6.0.0 and Schneider Charge below 1.13.4.

What this means
What could happen
An attacker with local access to the charging station could potentially access internal test data or features, though practical exploitation is limited and does not expose customer data. The vulnerability has already been automatically patched for connected units via the Wiser application.
Who's at risk
Energy and manufacturing organizations operating EV charging infrastructure using Schneider Electric's EVlink Home Smart or Schneider Charge products, particularly those with connected units that have not yet received the automatic firmware update or new installations not yet commissioned with the latest software.
How it could be exploited
An attacker would need local physical access to an affected charging station (unpatched firmware) to access the exposed test equipment or features. The vulnerability requires a local attack vector and does not provide a practical attack path to abuse the charging station or extract sensitive operational data.
Prerequisites
  • Local physical access to unpatched EVlink Home Smart or Schneider Charge unit
  • Unit must be running firmware version below 2.0.6.0.0 (EVlink) or 1.13.4 (Schneider Charge)
  • Local attack vector only
  • Information disclosure only (no code execution or availability impact)
  • Already patched and deployed automatically to connected units
  • Low practical exploitability
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
EVlink Home Smart | all < 2.0.6.0.0 | 2.0.6.0.0
Schneider Charge | all < 1.13.4 | 1.13.4
Remediation & Mitigation
Do now
HARDENING: Verify installed firmware version through Wiser application settings or third-party supervision application
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update EVlink Home Smart to firmware version 2.0.6.0.0 and Schneider Charge to version 1.13.4
HARDENING: Ensure charging stations are connected to the Wiser application to receive and install automatic firmware updates
HARDENING: For new installations, use eSetup commissioning application to enforce the latest fixed firmware version
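
For operators tracking more than a handful of units, the version check in the remediation steps can be run over an inventory export. The script below is an added example, not part of the advisory or any Schneider Electric tooling; the CSV layout, column names and unit IDs are assumptions, and only the product names and fixed versions come from this page.

```python
import csv
import io

# Fixed versions from the advisory's affected-products table.
FIXED = {"EVlink Home Smart": "2.0.6.0.0", "Schneider Charge": "1.13.4"}

def parse_version(text):
    """Turn '2.0.6.0.0' into (2, 0, 6, 0, 0); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def is_below(installed, fixed):
    """Numeric, component-wise comparison; shorter versions are zero-padded."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def triage(inventory_csv):
    """Return {unit_id: status}; status is patched, vulnerable or unknown."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["product"].strip())
        try:
            if fixed is None:
                status = "unknown"        # product not covered by this advisory
            elif is_below(row["firmware"], fixed):
                status = "vulnerable"     # below the fixed version: schedule update
            else:
                status = "patched"
        except ValueError:
            status = "unknown"            # blank or odd version: verify on the unit
        results[row["unit_id"]] = status
    return results

# Constructed sample inventory (hypothetical column names and unit IDs).
SAMPLE = """unit_id,product,firmware
garage-01,EVlink Home Smart,2.0.6.0.0
garage-02,EVlink Home Smart,2.0.5.9.1
depot-01,Schneider Charge,1.13.4
depot-02,Schneider Charge,1.9.12
depot-03,Schneider Charge,
"""

if __name__ == "__main__":
    for unit, status in triage(SAMPLE).items():
        print(f"{unit}: {status}")
```

The numeric comparison matters for a value such as 1.9.12, which a plain string comparison would rank above 1.13.4 and so report as patched.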
EVlink Home Smart and Schneider Charge | CVSS 8.5 - OTPulse