Primary

Context

Mennekes Smart/Premium Charging Systems Command Injection Vulnerability in Time Setting

Vulnerability

A command injection vulnerability has been identified in Mennekes Smart and Premium Charging Stations, specifically in the authenticated time setting feature. This issue arises because the firmware improperly neutralizes OS commands when certain fields are transmitted to the underlying operating system, allowing for arbitrary command execution.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary OS commands on the charging station's firmware.

Remediation

Users are advised to update the firmware to version 2.15 or later. The latest firmware can be downloaded from the Mennekes Software Updates page.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mennekes Smart/Premium Charging Systems Command Injection Vulnerability in Time Setting

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating