^{CVE-2021-22774:}Schneider Electric EVlink Charging Stations Vulnerable to Password Hash Attacks

Overview

The vulnerability (CVE-2021-22774) exists in Schneider Electric's electric vehicle charging stations where user passwords are stored using a one-way hash function without incorporating a salt value. This implementation weakness allows attackers to use pre-computed hash tables, rainbow tables, or dictionary attacks to potentially recover user credentials. Affected products include:

• EVlink City (models EVC1S22P4 and EVC1S7P4) all versions prior to R8 V3.4.0.1
• EVlink Parking (models EVW2, EVF2, and EV.2) all versions prior to R8 V3.4.0.1
• EVlink Smart Wallbox (model EVB1A) all versions prior to R8 V3.4.0.1

If exploited, this vulnerability could allow attackers to gain unauthorized access to charging station management interfaces and potentially disrupt charging operations or access sensitive information.

Remediation

To address this vulnerability, Schneider Electric recommends the following actions:

1. Update all affected charging stations to firmware version R8 V3.4.0.1 or later, which implements proper password hashing with salt.
2. Until updates can be applied, consider the following mitigations:
   • Use strong, complex passwords that would be resistant to dictionary attacks
   • Limit network access to the charging station management interfaces
   • Monitor for suspicious login attempts or unauthorized access
   • Consider implementing additional network security controls like firewalls or VPNs to protect charging infrastructure

Contact Schneider Electric customer support for assistance with firmware updates or additional security guidance.

References

• Schneider Electric Security Advisory: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06
• CWE-759: Use of a One-Way Hash without a Salt - https://cwe.mitre.org/data/definitions/759.html
• CWE-916: Use of Password Hash With Insufficient Computational Effort - https://cwe.mitre.org/data/definitions/916.html