S4E

CVE-2023-46359 Scanner

CVE-2023-46359 Scanner - OS Command Injection vulnerability in cPH2 Charging Station

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 13 days 22 hours
Scan only one: URL
Toolbox: -

The cPH2 Charging Station, developed by Hardy Barth, is widely used in the electric vehicle industry to manage and facilitate the scanning and demand of charge stations. Aimed at service providers, businesses, and residential users, it ensures efficient energy distribution. The software's robust interface supports different user capabilities and integrates seamlessly with various IT infrastructure systems, making it a choice for smart charging solutions. Its expansion options and connectivity with automation technologies provide efficient charging operations. By improving user interaction and energy management, it also supports eco-friendly initiatives.

The OS Command Injection vulnerability found in cPH2 Charging Station allows attackers to execute arbitrary commands on the host system. This critical flaw resides in the system's connectivity check feature, which lacks proper sanitization of input parameters, thus allowing arbitrary command execution. An unauthenticated attacker can leverage this to gain control over the system. This vulnerability threatens the integrity and availability of the charge station infrastructure. As attackers can execute system-level commands, it poses a severe risk.

Technically, the vulnerability sits in an endpoint designed to verify system connections. Insecure handling of input in the ‘connectioncheck.php’ script lets attackers append crafted arguments, leading to remote command execution. The attack vector is primarily an unauthenticated remote request that exploits improper input validation within the connectivity function. Using command concatenation techniques, attackers can manipulate responses by executing their own commands. The endpoint's weak input filtering is what makes the vulnerability exploitable.
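Asset owners can look for exploitation attempts against this endpoint in web server access logs. The following Python is an added example, not code from S4E or the vendor: it flags requests to connectioncheck.php whose query values contain shell metacharacters after percent-decoding, including nested encoding. The log lines, the /example/ path and the parameter name `target` are constructed for illustration and are assumptions, not details from this page.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# File name taken from the page; its directory is not given, so match on the name only.
ENDPOINT = "connectioncheck.php"
# Characters a shell treats as separators, substitution or redirection.
SHELL_META = re.compile(r"[;&|`$<>\n\r(){}]")
# Common/combined access-log format: client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges, hypothetical parameter "target").
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /example/connectioncheck.php?target=192.0.2.10 HTTP/1.1" 200 120',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /example/connectioncheck.php?target=192.0.2.10%3Bid HTTP/1.1" 200 310',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /example/connectioncheck.php?target=192.0.2.10%253Bid HTTP/1.1" 200 310',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?q=a%3Bb HTTP/1.1" 200 50',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (for example %253B -> %3B -> ;)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return one finding per request to the endpoint carrying shell metacharacters."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line we understand
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/" + ENDPOINT):
            continue  # a different script; out of scope for this check
        # parse_qsl decodes once; fully_decode catches double encoding.
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if SHELL_META.search(value):
                findings.append({"client": m["client"], "time": m["ts"],
                                 "param": name, "value": value,
                                 "status": int(m["status"])})
                break
    return findings

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

A hit with a 200 status deserves a closer look at the device itself, since a successful response does not by itself show whether the injected command ran.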

Attackers exploiting this flaw can achieve complete control over affected systems, possibly disrupting operations, exfiltrating sensitive data, or launching further attacks. Systems become vulnerable to data integrity breaches, loss of confidentiality, and service disruptions. Attackers could pivot from this access to other parts of a network, leading to more extensive organizational impacts. Losing control over the critical infrastructure of charging stations could result in both operational downtime and significant financial damages.
