CISA has issued an alert for a critical vulnerability in Chargemap charging station firmware that could allow attackers to disable charging stations and access user data.
CISA has issued an urgent alert for a critical vulnerability in Chargemap charging station firmware that could allow attackers to remotely disable charging stations and potentially access user location and payment data. The vulnerability affects Chargemap charging stations worldwide that are still running unpatched firmware, and poses a significant risk to critical infrastructure.
The vulnerability, tracked as CVE-2023-4128, has a CVSS score of 9.8 (Critical) and stems from improper input validation in the charging station's communication protocol. Attackers with network access could exploit this vulnerability to send specially crafted commands that could disable charging stations or extract sensitive data.
"Chargemap's charging stations are part of our nation's critical infrastructure," reads the CISA advisory. "Successful exploitation could disrupt EV charging capabilities across wide geographic areas and potentially expose sensitive user information."
Chargemap has released firmware updates addressing the vulnerability. Network administrators should apply these updates immediately and implement network segmentation to limit potential damage.
Affected versions include all Chargemap charging station firmware versions prior to 3.2.1. The vulnerability was discovered by security researchers at Grid Security Labs and responsibly disclosed to Chargemap in September 2023.
The vulnerability allows attackers to:
- Remotely disable charging stations
- Access charging transaction data
- Potentially modify charging parameters
- Bypass authentication mechanisms
Chargemap users should monitor their accounts for suspicious activity and consider changing their Chargemap password, along with the password on any other service where they reused it. The company has not reported any evidence of successful exploitation in the wild.
CISA recommends the following immediate actions:
- Apply Chargemap firmware version 3.2.1 or later to all charging stations
- Implement network segmentation to isolate charging stations from other networks
- Monitor charging station logs for unusual activity
- Review access controls for charging station management systems
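The first of these actions assumes an operator can tell which stations are still below 3.2.1. The following Python script is an added example, not code from the CISA advisory or from Chargemap; the inventory format, station identifiers and firmware strings in it are constructed for illustration. It compares firmware versions numerically rather than as strings (so 3.10.0 is correctly recognised as newer than 3.2.1), treats a pre-release build such as 3.2.1-rc1 as still vulnerable, and refuses to classify an unparseable version as patched.

```python
"""Flag stations still running firmware below the patched 3.2.1 release.

Added example, not from the CISA advisory or Chargemap. The inventory
layout, station IDs and version strings are constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# From the advisory: every firmware version prior to 3.2.1 is affected.
PATCHED_VERSION = "3.2.1"

# Accepts an optional leading 'v', an optional semver pre-release tag
# (-rc1, -beta.2) and ignores build metadata (+abc123), which semver says
# has no effect on precedence.
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '3.10.0' into a comparable tuple; raise ValueError on junk.

    Comparing integer tuples avoids the classic bug where the string
    '3.10.0' sorts below '3.2.1' because '1' < '2'. The fourth element is
    0 for a pre-release and 1 for a final release, so 3.2.1-rc1 < 3.2.1.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, patch, prerelease = m.groups()
    return (int(major), int(minor), int(patch), 0 if prerelease else 1)


def is_vulnerable(version: str, patched: str = PATCHED_VERSION) -> bool:
    """True when `version` is strictly below the patched release."""
    return parse_version(version) < parse_version(patched)


def triage(inventory: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Sort stations into patched / vulnerable / unknown buckets.

    A version string we cannot parse goes to 'unknown' so that bad data
    never silently lands in the 'patched' column.
    """
    result: Dict[str, List[str]] = {"patched": [], "vulnerable": [], "unknown": []}
    for station in inventory:
        try:
            bucket = "vulnerable" if is_vulnerable(station["firmware"]) else "patched"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(station["id"])
    return result


# Constructed sample inventory (hypothetical IDs and firmware strings).
SAMPLE_INVENTORY = [
    {"id": "CS-0001", "firmware": "3.2.1"},      # patched
    {"id": "CS-0002", "firmware": "3.2.0"},      # one patch level short
    {"id": "CS-0003", "firmware": "3.10.0"},     # newer; string compare would misflag it
    {"id": "CS-0004", "firmware": "v2.9.7"},     # old, with a leading 'v'
    {"id": "CS-0005", "firmware": "3.2.1-rc1"},  # pre-release of the fix, still below 3.2.1
    {"id": "CS-0006", "firmware": "unknown"},    # unparseable, must not pass as patched
]

if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>10}: {', '.join(ids) or '-'}")
```

Feed it the real inventory export instead of SAMPLE_INVENTORY and anything in the "vulnerable" or "unknown" buckets is a station to chase before relying on the other three recommendations.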
The advisory comes as EV charging infrastructure becomes increasingly critical to transportation and energy systems. The Department of Energy estimates that EV charging infrastructure will need to expand significantly to meet projected demand by 2030.
For more information, see the CISA advisory AA23-342A and Chargemap's security bulletin.