CVE-2024-43651
Vulnerability from cvelistv5
Published
2025-01-09 07:56
Modified
2025-01-09 15:21
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/S:P/AU:Y
Summary
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC models before version 241207101 Likelihood: Moderate – The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: Any network connection serving the web interface is vulnerable (AV:N) and there are no additional measures to circumvent (AC:L) nor does the attack require special conditions to be present (AT:N). The attack requires authentication, but the level does not matter (PR:L), nor is user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H) and a compromised device can be used to potentially "pivot" into a network that should nopt be reachable (SC:L/SI:L/SA:H). Because this is an EV charger handing significant power, there is a potential safety impact (S:P). THe attack can be autometed (AU:Y).
References
csirt@divd.nlhttps://csirt.divd.nl/CVE-2024-43651/
csirt@divd.nlhttps://csirt.divd.nl/DIVD-2024-00035/
csirt@divd.nlhttps://iocharger.com
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43651",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T15:20:15.887605Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T15:21:03.613Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Iocharger firmware for AC models",
          "vendor": "Iocharger",
          "versions": [
            {
              "lessThan": "24120701",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Wilco van Beijnum"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Harm van den Brink (DIVD)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Frank Breedijk (DIVD)"
        }
      ],
      "datePublic": "2025-01-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability allows OS Command Injection as root\u003cbr\u003eThis issue affects Iocharger firmware for AC models before version 241207101\u003cbr\u003e\u003cbr\u003eLikelihood: Moderate \u2013 The \u0026lt;redacted\u0026gt; binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the \u0026lt;redacted\u0026gt; binary, or convince a user with such access to execute a crafted HTTP request.\u003cbr\u003e\u003cbr\u003eImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.\u003cbr\u003e\u003cbr\u003eCVSS clarification:\u0026nbsp;Any network connection serving the web interface is vulnerable (AV:N) and there are no additional measures to circumvent (AC:L) nor does the attack require special conditions to be present (AT:N). The attack requires authentication, but the level does not matter (PR:L), nor is user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H) and a compromised device can be used to potentially \"pivot\" into a network that should nopt be reachable (SC:L/SI:L/SA:H). Because this is an EV charger handing significant power, there is a potential safety impact (S:P). THe attack can be autometed (AU:Y)."
            }
          ],
          "value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability allows OS Command Injection as root\nThis issue affects Iocharger firmware for AC models before version 241207101\n\nLikelihood: Moderate \u2013 The \u003credacted\u003e binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the \u003credacted\u003e binary, or convince a user with such access to execute a crafted HTTP request.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.\n\nCVSS clarification:\u00a0Any network connection serving the web interface is vulnerable (AV:N) and there are no additional measures to circumvent (AC:L) nor does the attack require special conditions to be present (AT:N). The attack requires authentication, but the level does not matter (PR:L), nor is user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H) and a compromised device can be used to potentially \"pivot\" into a network that should nopt be reachable (SC:L/SI:L/SA:H). Because this is an EV charger handing significant power, there is a potential safety impact (S:P). THe attack can be autometed (AU:Y)."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/S:P/AU:Y",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250: Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "OWASP-A03: Injection",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T07:56:47.394Z",
        "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "shortName": "DIVD"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://csirt.divd.nl/DIVD-2024-00035/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://csirt.divd.nl/CVE-2024-43651/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://iocharger.com"
        }
      ],
      "source": {
        "advisory": "DIVD-2024-00035",
        "discovery": "EXTERNAL"
      },
      "title": "Authenticated command injection in the \u003credacted\u003e action leads to full remote code execution as root on the charging station",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
    "assignerShortName": "DIVD",
    "cveId": "CVE-2024-43651",
    "datePublished": "2025-01-09T07:56:47.394Z",
    "dateReserved": "2024-08-14T09:27:41.767Z",
    "dateUpdated": "2025-01-09T15:21:03.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-43651\",\"sourceIdentifier\":\"csirt@divd.nl\",\"published\":\"2025-01-09T08:15:27.590\",\"lastModified\":\"2025-01-09T08:15:27.590\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability allows OS Command Injection as root\\nThis issue affects Iocharger firmware for AC models before version 241207101\\n\\nLikelihood: Moderate \u2013 The \u003credacted\u003e binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the \u003credacted\u003e binary, or convince a user with such access to execute a crafted HTTP request.\\n\\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.\\n\\nCVSS clarification:\u00a0Any network connection serving the web interface is vulnerable (AV:N) and there are no additional measures to circumvent (AC:L) nor does the attack require special conditions to be present (AT:N). The attack requires authentication, but the level does not matter (PR:L), nor is user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H) and a compromised device can be used to potentially \\\"pivot\\\" into a network that should nopt be reachable (SC:L/SI:L/SA:H). Because this is an EV charger handing significant power, there is a potential safety impact (S:P). THe attack can be autometed (AU:Y).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando (\u0027Inyecci\u00f3n de comando\u0027) permite la inyecci\u00f3n de comandos del sistema operativo como superusuario este problema afecta al firmware de Iocharger para modelos AC anteriores a la versi\u00f3n 241207101 Probabilidad: Moderada: el binario  no parece ser utilizado por la interfaz web, por lo que podr\u00eda ser m\u00e1s dif\u00edcil de encontrar. Sin embargo, parece ser en gran medida el mismo binario que utiliza la estaci\u00f3n de carga Pedestal de Iocharger. El atacante tambi\u00e9n necesitar\u00e1 una cuenta (con privilegios bajos) para obtener acceso al binario  o convencer a un usuario con dicho acceso para que ejecute una solicitud HTTP manipulada. Impacto: Cr\u00edtico: el atacante tiene control total sobre la estaci\u00f3n de carga como usuario superusuario y puede agregar, modificar y eliminar archivos y servicios de forma arbitraria. Aclaraci\u00f3n de CVSS: cualquier conexi\u00f3n de red que sirva a la interfaz web es vulnerable (AV:N) y no hay medidas adicionales para eludirla (AC:L) ni el ataque requiere que se presenten condiciones especiales (AT:N). El ataque requiere autenticaci\u00f3n, pero el nivel no importa (PR:L), ni se requiere interacci\u00f3n del usuario (UI:N). El ataque lleva a un ataque completo (VC:H/VI:H/VA:H) y un dispositivo atacado puede usarse para \\\"pivotar\\\" potencialmente hacia una red que no deber\u00eda ser accesible (SC:L/SI:L/SA:H). Debido a que se trata de un cargador de veh\u00edculos el\u00e9ctricos que gestiona una cantidad significativa de energ\u00eda, existe un posible impacto en la seguridad (S:P). El ataque puede automatizarse (AU:Y).\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"LOW\",\"subsequentSystemIntegrity\":\"LOW\",\"subsequentSystemAvailability\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"PRESENT\",\"automatable\":\"YES\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"},{\"lang\":\"en\",\"value\":\"CWE-250\"}]}],\"references\":[{\"url\":\"https://csirt.divd.nl/CVE-2024-43651/\",\"source\":\"csirt@divd.nl\"},{\"url\":\"https://csirt.divd.nl/DIVD-2024-00035/\",\"source\":\"csirt@divd.nl\"},{\"url\":\"https://iocharger.com\",\"source\":\"csirt@divd.nl\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.