Affected devices beacon to eCharge cloud infrastructure asking if there are any commands they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an EV charger controller and eCharge infrastructure can execute arbitrary commands with elevated privileges on affected devices.
This issue affects cph2_echarge_firmware: through 2.0.4.
History
Tue, 03 Dec 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Echarge
Echarge salia Plcc Echarge salia Plcc Firmware |
|
CPEs | cpe:2.3:h:echarge:salia_plcc:-:*:*:*:*:*:*:* cpe:2.3:o:echarge:salia_plcc_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Echarge
Echarge salia Plcc Echarge salia Plcc Firmware |
Mon, 25 Nov 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Hardy-barth
Hardy-barth cph2 Echarge Firmware |
|
CPEs | cpe:2.3:o:hardy-barth:cph2_echarge_firmware:*:*:*:*:*:*:*:* | |
Vendors & Products |
Hardy-barth
Hardy-barth cph2 Echarge Firmware |
|
Metrics |
ssvc
|
Mon, 25 Nov 2024 00:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Sun, 24 Nov 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Sun, 24 Nov 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Affected devices beacon to eCharge cloud infrastructure asking if there are any commands they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an EV charger controller and eCharge infrastructure can execute arbitrary commands with elevated privileges on affected devices. This issue affects cph2_echarge_firmware: through 2.0.4. | |
Title | Unauthenticated Remote Command Injection in eCharge Salia PLCC | |
Weaknesses | CWE-345 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: ONEKEY
Published: 2024-11-24T22:36:59.989Z
Updated: 2024-11-25T01:28:57.027Z
Reserved: 2024-11-24T22:27:19.421Z
Link: CVE-2024-11666
Vulnrichment
Updated: 2024-11-25T01:28:53.472Z
NVD
Status: Analyzed
Published: 2024-11-24T23:15:04.030
Modified: 2024-12-03T15:40:14.907
Link: CVE-2024-11666
Redhat
No data.