Schneider Electric EVLink WallBox OS Command Injection Vulnerability Allowing Remote Control

Vulnerability

An OS command injection vulnerability has been identified in the Schneider Electric EVLink WallBox, all versions. This vulnerability allows remote control over the charging station when an authenticated user modifies configuration parameters on the web server.

Impact

Exploitation of this vulnerability could lead to unauthorized remote control of the charging station.

Remediation

The EVLink WallBox has reached its end of life and is no longer supported. Customers are advised to upgrade to the EVLink Pro AC. For those who continue to use the WallBox, it is recommended to implement network segmentation, block unauthorized access to HTTP ports, choose strong passwords, and change them periodically.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 4.9
remediation: 7.9
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.