Use of hardcoded credentials in EVLink Parking

#VU16682 Use of hardcoded credentials in EVLink Parking

Published: 2018-12-25

Vulnerability identifier: #VU16682

Vulnerability risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7800

CWE-ID: CWE-798

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
EVLink Parking
Hardware solutions / Firmware

Vendor: Schneider Electric

Description
The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to use of hard-coded credentials. A remote attacker can use such credentials to gain elevated privileges on the device.

Mitigation
Install update from vendor's website.

Vulnerable software versions

EVLink Parking: All versions

External links
http://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Schneider Electric EVLink Parking