OTPulse
FeedAboutContact

EcoStruxure EV Charging Expert

Low RiskSEVD-2024-282-08Oct 8, 2024
Summary

EcoStruxure EV Charging Expert (versions before 6.0.0) contains vulnerabilities in the product's operating system related to legacy components. The product is a load management, access management, and supervision solution for EV charging infrastructure. These vulnerabilities could result in operational failures if not patched.

What this means
What could happen
An attacker exploiting these OS-level vulnerabilities could cause operational failures in EV charging infrastructure, potentially disrupting charging availability and station operations.
Who's at risk
Energy sector operators managing EV charging infrastructure should care about this vulnerability. This affects EcoStruxure EV Charging Expert systems used for load balancing, access control, and monitoring of public and private EV charging stations.
How it could be exploited
The advisory references legacy OS component vulnerabilities but does not specify the attack vector. An attacker would likely need network access to the EV Charging Expert device or its management interface to exploit these OS-level flaws, potentially leading to command execution or service disruption.
Prerequisites
  • Network or physical access to the EcoStruxure EV Charging Expert device
  • Knowledge of the specific legacy OS vulnerability in use
Legacy OS components with known vulnerabilitiesNo patch available for versions below 6.0.0 (EOL devices)Affects critical charging infrastructure operations
Affected products (1)
ProductAffected VersionsFix Status
EcoStruxure EV Charging Expert<6.0.0>=6.0.0
Remediation & Mitigation
0/3
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EcoStruxure EV Charging Expert to version 6.0.0 or later
HOTFIXPlan update during a maintenance window; the installation requires physical access to the device and a reboot that will temporarily take the charging station offline
HOTFIXVerify successful patch installation by checking the software version in the Updates tab of the operation interface after reboot
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/ed072c2c-e710-4c74-95ff-bb734257aabf