Schneider has fixed three vulnerabilities in one of his popular electric car charging stations, which he said could easily be attacked to remotely take over the unit.
At its worst, an attacker can force a plugged-in vehicle to stop charging, rendering it useless in a "denial-of-service state," an attack favored by some threat actor as it's an effective way of forcing something to stop working.
The bugs were fixed with a software update that rolled out on September 2, 2009, and the details of the bugs were revealed in a supporting document on December 20. Now, a full picture of the vulnerabilities, by New York-based security firm Positive Technologies, were released today ̵
Schneider's EVLink charging stations come in all shapes and sizes – some for the garage wall and some at gas stations.
At the center of Positive's disclosure is Schneider's EVLink Parking electric charging stations, one of several Schneider products that sells, and ordinarily marketed to apartment complexes, private parking area, offices and municipalities. Because the EVLink parking station can be connected to Schneider's cloud with internet connectivity, either. Tesla, which have their own proprietary connector.
even though it's in use.
"A hacker can stop The charging process, which could result in a loss of security, could not be solved with the cable "Said Positive."
The researchers Vladimir Kononovich and Vyacheslav Moskvin thus found two other bugs that gives access to attackers full access over a device – a code injection flaw and an SQL injection vulnerability. Both were fixed in the same software update.
Schneider did not respond to a request for comment. If that changes, we'll update.
Additional reporting: Kirsten Korosec.