CVE-2023-29114

5.7 MEDIUM

📋 TL;DR

This vulnerability allows unauthenticated attackers to access system logs through the web management interface, exposing sensitive credentials and configuration details. It affects Enel X Waybox 3 EV chargers with vulnerable firmware versions. Attackers can steal Wi-Fi, APN, IPSEC, and web interface credentials stored in plaintext logs.

💻 Affected Systems

Products:
  • Enel X Waybox 3 EV Charger
Versions: Firmware versions prior to the June 2024 security update
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with the web management interface enabled. The vulnerability exists in the log access functionality of the web application.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the EV charger, allowing attackers to steal all stored credentials, reconfigure the device, disrupt charging operations, and potentially pivot to connected networks.

🟠 Likely Case

Credential theft leading to unauthorized access to the web interface, Wi-Fi networks, and backend systems, potentially enabling further attacks on the charging infrastructure.

🟢 If Mitigated

Limited information disclosure if proper network segmentation and access controls prevent external access to the web management interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the web management interface. No authentication is needed to access the vulnerable log endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version with June 2024 security update

Vendor Advisory: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf

Restart Required: Yes

Instructions:

  1. Download the latest firmware from Enel X support portal.
  2. Log into the web management interface.
  3. Navigate to System > Firmware Update.
  4. Upload and apply the firmware update.
  5. Reboot the device after installation completes.

🔧 Temporary Workarounds

Disable Web Management Interface

all

Temporarily disable the web management interface to prevent external access while awaiting patch.

Connect via SSH/Telnet if available and disable web service
Check device documentation for specific disable commands

Network Segmentation

all

Isolate EV chargers on a separate VLAN with strict firewall rules blocking external access to management interfaces.

Configure firewall to block port 80/443 to charger management IPs from untrusted networks

🧯 If You Can't Patch

  • Implement strict network access controls to limit web interface access to authorized IP addresses only
  • Regularly monitor and rotate all credentials stored in the system logs

🔍 How to Verify

Check if Vulnerable:

Attempt to access /logs or similar log endpoints via the web interface without authentication. If logs containing credentials are accessible, the system is vulnerable.

Check Version:

Check firmware version in web interface under System > About or via SSH if available

Verify Fix Applied:

After patching, attempt the same log access. Access should be denied or logs should no longer contain sensitive credentials in plaintext.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to log endpoints
  • Multiple failed authentication attempts followed by log access

Network Indicators:

  • Unusual HTTP GET requests to /logs or similar paths from external IPs
  • Traffic patterns indicating credential extraction

SIEM Query:

source="web_server" AND (url_path="/logs" OR url_path CONTAINS "log") AND http_method="GET" AND user_agent NOT IN allowed_user_agents
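
The indicators and query above can also be run over exported access logs. The following is an added example, not from the vendor or from this page's original content. It assumes Common/Combined Log Format and a hypothetical management network of 10.20.0.0/24, and it separates log reads that were actually served (2xx) from attempts that were denied.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: requests reaching the charger are logged in Common/Combined Log
# Format (by the device or by a reverse proxy/firewall in front of it).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Hypothetical management network allowed to reach the web interface.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# The page's query matches any path containing "log"; login/logout pages are
# skipped here to cut noise (an added refinement, not part of that query).
NOISE_SUFFIXES = ("/login", "/logout")

def is_allowed(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostname or garbage in the client field: untrusted
    return any(addr in net for net in ALLOWED_NETS)

def find_log_reads(lines):
    # 'served'  = 2xx response, i.e. log content was returned to the client.
    # 'attempt' = any other status, e.g. 401/403 once access is restricted.
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        path = urlsplit(m["target"]).path.lower()
        if "log" not in path or path.rstrip("/").endswith(NOISE_SUFFIXES):
            continue
        if is_allowed(m["ip"]):
            continue
        kind = "served" if m["status"].startswith("2") else "attempt"
        findings.append((kind, m["ip"], m["ts"], path, int(m["status"])))
    return findings

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Jun/2024:10:01:02 +0000] "GET /logs HTTP/1.1" 200 48211 "-" "curl/8.0"',
    '10.20.0.5 - - [12/Jun/2024:10:02:00 +0000] "GET /logs HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jun/2024:10:03:10 +0000] "GET /login HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jun/2024:10:03:40 +0000] "GET /logs HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jun/2024:10:04:00 +0000] "POST /api/status HTTP/1.1" 200 10 "-" "curl/8.0"',
]
```

Any `served` finding means log content left the device to an untrusted source, so the credentials listed in the TL;DR should be treated as exposed and rotated.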
