Primary

Context

Mennekes Smart/Premium Charging Systems SQL Injection Vulnerability in Web Configuration Interface

Vulnerability

A SQL injection vulnerability has been identified in the web configuration interface of Mennekes Smart and Premium charging stations, affecting firmware versions prior to 2.15. This vulnerability arises because user input in several fields is not properly sanitized, allowing for the execution of arbitrary SQL commands.

Impact

Exploitation of this vulnerability allows for arbitrary SQL command execution, potentially leading to unauthorized data access or manipulation within the charging station's database.

Remediation

Users are advised to update the firmware to version 2.15 or later. The latest firmware can be downloaded from the Mennekes Software Updates page.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mennekes Smart/Premium Charging Systems SQL Injection Vulnerability in Web Configuration Interface

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating