Successful exploitation of these vulnerabilities could allow an attacker to gain administrator rights or execute code on the affected device.
The following versions of XCharge C6 are affected:
C6
Vendor
Equipment
XCharge
XCharge C6
Download of Code Without Integrity Check, Stack-based Buffer Overflow, Initialization of a Resource with an Insecure Default
Critical Infrastructure Sectors: Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States
A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the management channel could cause the device to install an unauthorized firmware package. This condition ...