Cybersecurity researchers have detected three different vulnerabilities in the Schneider Electric EVlink Parking electric vehicle charging station.
For those who don’t know Schneider Electric products are heavily used in countries all over the world where the electric vehicle industry is developing. Exploitation of these vulnerabilities may lead to serious consequences because hackers can actually block electric car charging and cause serious damage to the energy industry.
All three represents a serious threat because if they are exploited by a hacker, he or she can then easily halt the charging process.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
The new vulnerabilities have the following names CVE-2018-7800, CVE-2018-7801, and CVE-2018-7802; all can be found in charging stations used at parking environments in several countries, including at offices, hotels, supermarkets, and municipal free parking locations. All models running version EVLink Parking v3.2.0-12_v1 and earlier require an immediate update.
Researchers say that after conducting an investigation they found that each and every one of the vulnerabilities can be used by hackers to stop the charging process of the vehicles plugged for charging or unlock and steal the charging cables.
From those three the most problematic are CVE-2018-7800 and CVE-2018-7802 because if they are used hackers gain privileged access to the charging station that can stop the charging process, switch the device to the reservation mode, unlock the cable during the charging by manipulating the socket locking hatch and walk away with it
Schneider urged customers to use a firewall in order to block remote/external access for the unauthorized users. This risk mitigation strategy recommended other several cybersecurity practices, too, as locating control and safety system networks and remote devices behind firewalls, and isolate them from the business network. Meaning that every user has to minimize network exposure for all control system devices and systems, in order to ensure that they are not accessible from the Internet.
We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.