CVE-2024-11666

9.0 CRITICAL

📋 TL;DR

This vulnerability allows remote unauthenticated attackers positioned between EV chargers and eCharge cloud infrastructure to execute arbitrary commands with elevated privileges on affected devices. The issue stems from disabled peer verification in cloud communication channels. This affects EV charging stations running vulnerable eCharge firmware versions.

💻 Affected Systems

Products:
  • eCharge EV charging controllers
Versions: through 2.0.4
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices communicating with eCharge cloud infrastructure are vulnerable in default configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of EV charging infrastructure allowing attackers to disable charging, manipulate billing, cause electrical damage, or use devices as network footholds.

🟠 Likely Case

Attackers intercepting communications to execute commands that disrupt charging operations, steal user data, or manipulate charging parameters.

🟢 If Mitigated

Limited impact if network segmentation isolates chargers and proper TLS verification is enforced.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network positioning between device and cloud, but no authentication or special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Contact eCharge vendor for patched firmware
2. Backup configuration
3. Apply firmware update
4. Verify TLS/SSL peer verification is enabled

🔧 Temporary Workarounds

  • Network segmentation (applies to: all): Isolate EV charging controllers from untrusted networks
  • TLS enforcement (applies to: all): Configure network devices to enforce TLS with certificate validation

🧯 If You Can't Patch

  • Segment charging network completely from other corporate networks
  • Implement strict firewall rules allowing only necessary cloud communications with certificate pinning

🔍 How to Verify

Check if Vulnerable:

Check firmware version on charging controller via management interface

Check Version:

Device-specific command via management interface

Verify Fix Applied:

Verify firmware version is above 2.0.4 and test TLS handshake with certificate validation
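The root cause described above (TLS used without peer verification) next to the hardened client setup, plus the verified-handshake check this section asks for, as an added Python example that is not eCharge's firmware code. The host names passed to handshake_ok and the pinned CA file path are assumptions you supply.

```python
import socket
import ssl
from typing import Optional, Tuple

# Added example, not eCharge code: contrasts a client that skips peer
# verification with one that enforces it, and probes an endpoint with the
# hardened settings so a verification failure shows up as a concrete event.

def insecure_context() -> ssl.SSLContext:
    """The weak pattern: TLS is negotiated, but the peer is never checked,
    so any device on the path can present an arbitrary certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def hardened_context(pinned_ca_pem: Optional[str] = None) -> ssl.SSLContext:
    """Chain and hostname are verified. If a CA file is given (hypothetical
    path), trust only that CA, the pinning the workaround section mentions."""
    if pinned_ca_pem:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
        ctx.load_verify_locations(cafile=pinned_ca_pem)
    else:
        ctx = ssl.create_default_context()  # system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def peer_verification_enabled(ctx: ssl.SSLContext) -> bool:
    """Audit helper: True only when both chain and hostname checks are on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)

def handshake_ok(host: str, port: int = 443, timeout: float = 5.0,
                 pinned_ca_pem: Optional[str] = None) -> Tuple[bool, str]:
    """Verified handshake against the cloud endpoint from a monitoring host.
    A False result with 'certificate verification failed' is the failed
    TLS validation event the detection section tells you to watch for."""
    ctx = hardened_context(pinned_ca_pem)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, f"verified chain, {tls.version()} with {host}"
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate verification failed: {exc.reason}"
    except (OSError, ssl.SSLError) as exc:
        return False, f"handshake failed: {exc}"
```

Run handshake_ok against the cloud endpoint the charger talks to; the probe proves the endpoint's chain validates, while whether the charger itself verifies can only be confirmed by the firmware version check above.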

📡 Detection & Monitoring

Log Indicators:

  • Unexpected command execution logs
  • Failed TLS handshake attempts
  • Unusual cloud communication patterns

Network Indicators:

  • Unencrypted or improperly authenticated cloud communications
  • MITM attack patterns between charger and cloud

SIEM Query:

Search for failed TLS certificate validation events from charging controller IPs
