alpitronic Hypercharger EV Charger

RISK EVALUATION. Successful exploitation of this vulnerability could result in an attacker disabling the device, bypassing payment, or accessing payment data.
If misconfigured, the charging devices can expose a web interface protected by authentication.
If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator.
MITIGATIONS. alpitronic recommends users change the default credentials for all charging devices.
When informed of these vulnerabilities, alpitronic, in conjunction with and/or on behalf of affected clients, disabled the interface on any exposed devices. All clients were contacted directly and reminded that the interface is not intended to be visible on the public Internet and that default passwords should be changed.
alpitronic is also applying mitigations to all devices in the field and to new devices in production.
Devices using the default password will be automatically assigned new unique passwords; devices that have not yet been installed will be assigned one at first access.
Devices with the default passwords already changed will not be affected.
New passwords can be obtained by scanning the QR code inside the charger or in the DMS portal hyperdoc.
Contact Hypercharger support with any questions about newly assigned passwords.
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Also recognize that a VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.
Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.


This Cyber News was published on www.cisa.gov. Publication date: Thu, 09 May 2024 15:35:09 +0000


CVE-2024-4622 - If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface ...