EcoStruxure EV Charging Expert

Low Risk | SEVD-2024-282-08 | Oct 8, 2024
Schneider Electric | Energy
Summary

Multiple vulnerabilities exist in EcoStruxure EV Charging Expert (formerly EVlink Load Management System) due to legacy OS component issues. The product is a load management, access management, and supervision solution for EV charging infrastructure. These vulnerabilities could result in operational failures if not mitigated. Version 6.0.0 and later contain fixes for these issues.

What this means
What could happen
An attacker who exploits legacy OS vulnerabilities in EcoStruxure EV Charging Expert could disrupt EV charging station operations, including load management and access control functions, potentially preventing vehicles from charging or disabling safety features.
Who's at risk
EV charging infrastructure operators and energy utilities deploying Schneider Electric EcoStruxure EV Charging Expert systems for load management, access control, and charging supervision. This affects any organization managing EV charging networks that rely on centralized supervision and load management.
How it could be exploited
An attacker with network access to an EcoStruxure EV Charging Expert device running software below version 6.0.0 could exploit unpatched legacy operating system vulnerabilities to execute commands on the device and interfere with charging operations, access control, or load management functions.
Prerequisites
  • Network access to the EcoStruxure EV Charging Expert device
  • Device running software version before 6.0.0
  • Attacker capable of exploiting legacy OS vulnerabilities (complexity depends on specific CVEs underlying these OS issues)
legacy OS components | unpatched vulnerabilities | affects operational infrastructure | patch requires planned downtime
Affected products (1)
Product | Affected Versions | Fix Status
EcoStruxure EV Charging Expert | <6.0.0 | >=6.0.0
Remediation & Mitigation
Do now
HARDENING: Restrict network access to EcoStruxure EV Charging Expert devices to authorized personnel and systems only (firewall rules, network segmentation)
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update EcoStruxure EV Charging Expert to version 6.0.0 or later
HOTFIX: Schedule a maintenance window that includes device reboot, as physical access and product restart are required to complete the update
API: /api/v1/advisories/ed072c2c-e710-4c74-95ff-bb734257aabf


EcoStruxure EV Charging Expert - OTPulse