Description

The .so library, which is used by , is
vulnerable to a buffer overflow in the code that handles the deletion
of certificates. This buffer overflow can be triggered by providing a
long file path to the action of the .exe CGI binary or
to the .sh CGI script. This binary or script will write this
file path to , which is then
read by .so

This issue affects Iocharger firmware for AC models before version 24120701.

Likelihood: Moderate – An attacker will have to find this exploit by
either obtaining the binaries involved in this vulnerability, or by trial
and error. Furthermore, the attacker will need a (low privilege)
account to gain access to the .exe CGI binary or .sh
script to trigger the vulnerability, or convince a user with such access
send an HTTP request that triggers it.

Impact: High – The process, which we assume is
responsible for OCPP communication, will keep crashing after
performing the exploit. This happens because the buffer overflow
causes the process to segfault before
is removed. This means that,
even though is automatically restarted, it will crash
again as soon as it tries to parse the text file.

CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is ...

Classification

CVE ID: CVE-2024-43661

CVSS Base Severity: HIGH

CVSS Base Score: 7.1

Affected Products

Vendor: Iocharger

Product: Iocharger firmware for AC models

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.82% (scored less or equal to compared to others)

EPSS Date: 2025-02-07 (when was this score calculated)

References

https://csirt.divd.nl/DIVD-2024-00035/
https://csirt.divd.nl/CVE-2024-43661/
https://iocharger.com

Timeline