cve-2024-43659
Vulnerability from cvelistv5
Published
2025-01-09 07:56
Modified
2025-01-09 14:48
Severity ?
EPSS score ?
Summary
After gaining access to the firmware of a charging station, a file at <redacted> can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers.
This issue affects Iocharger firmware for AC models before firmware version 25010801.
The issue is addressed by requiring a mandatory password change on first login, it is still recommended to change the password on older models.
Likelihood: Moderate – The attacker will first have to abuse a code execution or file inclusion vulnerability (for example by using <redacted>.sh) to gain access to the <redacted>.json file, or obtain a firmware dump of the charging station or obtain the firmware via other channels.
Impact: Critical – All chargers using Iocharger firmware for AC models started with the same initial password. For models with firmware version before 25010801 a password change was not mandatory. It is therefore very likely that this firmware password is still active on many chargers. These credentials could, once obtained, allow an attacker to log into many Iocharger charging station, and allow them to execute arbitrary commands via the System → Custom page.
CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, and requires high privileges (PR:H), there is no user interaction required (UI:N). The attack leads to a compromised of the confidentialy of the "super user" credentials of the device (VC:H/VI:N/VA:N), and can subsequently be used to full compromise and other devices (SC:H/SI:H/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Iocharger | Iocharger firmware for AC models |
Version: 0 < 25010801 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-43659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T14:48:10.199874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T14:48:39.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Iocharger firmware for AC models",
"vendor": "Iocharger",
"versions": [
{
"lessThan": "25010801",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wilco van Beijnum"
},
{
"lang": "en",
"type": "analyst",
"value": "Harm van den Brink (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
}
],
"datePublic": "2025-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "After gaining access to the firmware of a charging station, a file at \u0026lt;redacted\u0026gt; can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers.\u003cbr\u003e\u003cbr\u003eThis issue affects Iocharger firmware for AC models before firmware version 25010801. \u003cbr\u003e\u003cbr\u003eThe issue is addressed by requiring a mandatory password change on first login, it is still recommended to change the password on older models.\u003cbr\u003e\u003cbr\u003eLikelihood: Moderate \u2013 The attacker will first have to abuse a code execution or file inclusion vulnerability (for example by using \u0026lt;redacted\u0026gt;.sh) to gain access to the \u0026lt;redacted\u0026gt;.json file, or obtain a firmware dump of the charging station or obtain the firmware via other channels.\u003cbr\u003e\u003cbr\u003eImpact: Critical \u2013 All chargers using Iocharger firmware for AC models started with the same initial password. For models with firmware version before 25010801 a password change was not mandatory. It is therefore very likely that this firmware password is still active on many chargers. These credentials could, once obtained, allow an attacker to log into many Iocharger charging station, and allow them to execute arbitrary commands via the System \u2192 Custom page.\u003cbr\u003e\u003cbr\u003eCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, and requires high privileges (PR:H), there is no user interaction required (UI:N). The attack leads to a compromised of the confidentialy of the \"super user\" credentials of the device (VC:H/VI:N/VA:N), and can subsequently be used to full compromise and other devices (SC:H/SI:H/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y).\u003cbr\u003e"
}
],
"value": "After gaining access to the firmware of a charging station, a file at \u003credacted\u003e can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers.\n\nThis issue affects Iocharger firmware for AC models before firmware version 25010801. \n\nThe issue is addressed by requiring a mandatory password change on first login, it is still recommended to change the password on older models.\n\nLikelihood: Moderate \u2013 The attacker will first have to abuse a code execution or file inclusion vulnerability (for example by using \u003credacted\u003e.sh) to gain access to the \u003credacted\u003e.json file, or obtain a firmware dump of the charging station or obtain the firmware via other channels.\n\nImpact: Critical \u2013 All chargers using Iocharger firmware for AC models started with the same initial password. For models with firmware version before 25010801 a password change was not mandatory. It is therefore very likely that this firmware password is still active on many chargers. These credentials could, once obtained, allow an attacker to log into many Iocharger charging station, and allow them to execute arbitrary commands via the System \u2192 Custom page.\n\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, and requires high privileges (PR:H), there is no user interaction required (UI:N). The attack leads to a compromised of the confidentialy of the \"super user\" credentials of the device (VC:H/VI:N/VA:N), and can subsequently be used to full compromise and other devices (SC:H/SI:H/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y)."
}
],
"impacts": [
{
"capecId": "CAPEC-653",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-653: Use of Known Operating System Credentials"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/S:P/AU:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T07:56:45.847Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2024-00035/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2024-43659/"
},
{
"tags": [
"product"
],
"url": "https://iocharger.com"
}
],
"source": {
"advisory": "DIVD-2024-00035",
"discovery": "EXTERNAL"
},
"title": "Plaintext default credentials in firmware",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2024-43659",
"datePublished": "2025-01-09T07:56:45.847Z",
"dateReserved": "2024-08-14T09:27:41.769Z",
"dateUpdated": "2025-01-09T14:48:39.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-43659\",\"sourceIdentifier\":\"csirt@divd.nl\",\"published\":\"2025-01-09T08:15:29.060\",\"lastModified\":\"2025-01-09T15:15:17.523\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"After gaining access to the firmware of a charging station, a file at \u003credacted\u003e can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers.\\n\\nThis issue affects Iocharger firmware for AC models before firmware version 25010801. \\n\\nThe issue is addressed by requiring a mandatory password change on first login, it is still recommended to change the password on older models.\\n\\nLikelihood: Moderate \u2013 The attacker will first have to abuse a code execution or file inclusion vulnerability (for example by using \u003credacted\u003e.sh) to gain access to the \u003credacted\u003e.json file, or obtain a firmware dump of the charging station or obtain the firmware via other channels.\\n\\nImpact: Critical \u2013 All chargers using Iocharger firmware for AC models started with the same initial password. For models with firmware version before 25010801 a password change was not mandatory. It is therefore very likely that this firmware password is still active on many chargers. These credentials could, once obtained, allow an attacker to log into many Iocharger charging station, and allow them to execute arbitrary commands via the System \u2192 Custom page.\\n\\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, and requires high privileges (PR:H), there is no user interaction required (UI:N). The attack leads to a compromised of the confidentialy of the \\\"super user\\\" credentials of the device (VC:H/VI:N/VA:N), and can subsequently be used to full compromise and other devices (SC:H/SI:H/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y).\"},{\"lang\":\"es\",\"value\":\"Despu\u00e9s de obtener acceso al firmware de una estaci\u00f3n de carga, se puede acceder a un archivo en para obtener credenciales predeterminadas que son las mismas en todos los cargadores EV del modelo AC de Iocharger. Este problema afecta al firmware de Iocharger para los modelos AC anteriores a la versi\u00f3n de firmware 25010801. El problema se soluciona al requerir un cambio de contrase\u00f1a obligatorio en el primer inicio de sesi\u00f3n, a\u00fan se recomienda cambiar la contrase\u00f1a en los modelos m\u00e1s antiguos. Probabilidad: moderada: el atacante primero tendr\u00e1 que aprovechar una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo o inclusi\u00f3n de archivo (por ejemplo, utilizando .sh) para obtener acceso al archivo .json u obtener un volcado de firmware de la estaci\u00f3n de carga u obtener el firmware a trav\u00e9s de otros canales. Impacto: cr\u00edtico: todos los cargadores que usan el firmware de Iocharger para los modelos AC comenzaron con la misma contrase\u00f1a inicial. Para los modelos con la versi\u00f3n de firmware anterior a 25010801, no era obligatorio un cambio de contrase\u00f1a. Por lo tanto, es muy probable que esta contrase\u00f1a de firmware a\u00fan est\u00e9 activa en muchos cargadores. Estas credenciales podr\u00edan, una vez obtenidas, permitir a un atacante iniciar sesi\u00f3n en muchas estaciones de carga de Iocharger y permitirles ejecutar comandos arbitrarios a trav\u00e9s de la p\u00e1gina Sistema ? Personalizado. Aclaraci\u00f3n de CVSS: Cualquier interfaz de red que sirva a la interfaz de usuario web es vulnerable (AV:N) y no hay medidas de seguridad adicionales para eludirla (AC:L), ni el ataque requiere condiciones previas existentes (AT:N). El ataque est\u00e1 autenticado y requiere privilegios altos (PR:H), no se requiere interacci\u00f3n del usuario (UI:N). El ataque lleva a comprometer la confidencialidad de las credenciales de \\\"superusuario\\\" del dispositivo (VC:H/VI:N/VA:N), y posteriormente puede usarse para comprometer por completo otros dispositivos (SC:H/SI:H/SA:H). Debido a que se trata de un cargador de veh\u00edculos el\u00e9ctricos que gestiona una energ\u00eda significativa, existe un posible impacto en la seguridad (S:P). Este ataque puede automatizarse (AU:Y).\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:X/RE:X/U:X\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"NONE\",\"subsequentSystemConfidentiality\":\"HIGH\",\"subsequentSystemIntegrity\":\"HIGH\",\"subsequentSystemAvailability\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"PRESENT\",\"automatable\":\"NO\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-256\"},{\"lang\":\"en\",\"value\":\"CWE-1391\"},{\"lang\":\"en\",\"value\":\"CWE-1393\"}]}],\"references\":[{\"url\":\"https://csirt.divd.nl/CVE-2024-43659/\",\"source\":\"csirt@divd.nl\"},{\"url\":\"https://csirt.divd.nl/DIVD-2024-00035/\",\"source\":\"csirt@divd.nl\"},{\"url\":\"https://iocharger.com\",\"source\":\"csirt@divd.nl\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.