admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/4xxx/CVE-2024-4622.json
CVE Team a7b643ae4c
"-Synchronized-Data."
2024-05-15 17:00:36 +00:00

90 lines
4.9 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-4622",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface \nprotected by authentication. If the default credentials are not changed,\n an attacker can use public knowledge to access the device as an \nadministrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1392",
"cweId": "CWE-1392"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "alpitronic",
"product": {
"product_data": [
{
"product_name": "Hypercharger EV Charger",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-130-02",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n<p>alpitronic recommends users change the default credentials for all charging devices.</p>\n<p>alpitronic advises that the interface should be connected only to \ninternal segregated and access-controlled networks and not exposed to \nthe public internet/web.</p>\n<p>When informed of these vulnerabilities, alpitronic, in conjunction \nwith and/or on behalf of affected clients, disabled the interface on any\n exposed devices and all clients were contacted directly and reminded \nthat the interface is not intended to be visible on the public Internet \nand that default passwords should be changed.</p>\n<p>alpitronic are also applying mitigations to all devices in the field \nand to new devices in production. New devices will come with unique \npasswords. Devices using the default password will be automatically \nassigned new unique passwords, or at first access if the device has not \nyet been installed. Devices with the default passwords already changed \nwill not be affected. New passwords can be obtained by scanning the \nQR-Code inside the charger or in DMS portal hyperdoc. Contact \nHypercharger support with any questions about newly assigned passwords.</p>\n\n"
}
],
"value": "alpitronic recommends users change the default credentials for all charging devices.\n\n\nalpitronic advises that the interface should be connected only to \ninternal segregated and access-controlled networks and not exposed to \nthe public internet/web.\n\n\nWhen informed of these vulnerabilities, alpitronic, in conjunction \nwith and/or on behalf of affected clients, disabled the interface on any\n exposed devices and all clients were contacted directly and reminded \nthat the interface is not intended to be visible on the public Internet \nand that default passwords should be changed.\n\n\nalpitronic are also applying mitigations to all devices in the field \nand to new devices in production. New devices will come with unique \npasswords. Devices using the default password will be automatically \nassigned new unique passwords, or at first access if the device has not \nyet been installed. Devices with the default passwords already changed \nwill not be affected. New passwords can be obtained by scanning the \nQR-Code inside the charger or in DMS portal hyperdoc. Contact \nHypercharger support with any questions about newly assigned passwords."
}
],
"credits": [
{
"lang": "en",
"value": "Hanno B\u00f6ck reported these vulnerabilities to CISA."
}
]
}
Reference in New Issue View Git Blame Copy Permalink