CVE-2024-23968
📋 TL;DR
This buffer overflow vulnerability in ChargePoint Home Flex charging stations allows network-adjacent attackers to execute arbitrary code as root without authentication. The flaw exists in the SrvrToSmSetAutoChnlListMsg function where user-supplied data length isn't validated before copying to a fixed buffer. All ChargePoint Home Flex charging stations with vulnerable firmware are affected.
💻 Affected Systems
- ChargePoint Home Flex charging stations
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of charging station with root-level code execution, allowing attackers to disable charging, manipulate billing, access connected networks, or use the device as a foothold for lateral movement.
Likely Case
Remote code execution leading to charging disruption, data theft from the device, or use as a network pivot point.
If Mitigated
Limited impact if devices are isolated on separate VLANs with strict network segmentation and access controls.
🎯 Exploit Status
No authentication required, but network adjacency needed. Buffer overflow exploitation requires crafting specific network packets.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in CVE description - check vendor advisory
Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-24-1050/
Restart Required: No
Instructions:
1. Check the ChargePoint vendor advisory for the patched firmware version.
2. Update the charging station firmware through the ChargePoint management interface.
3. Verify that the update completed and that charging functionality still works.
🔧 Temporary Workarounds
Network Segmentation
Isolate charging stations on a separate VLAN with strict firewall rules limiting communication to management systems only.
Access Control Lists
Implement network ACLs to restrict which devices can communicate with charging stations.
🧯 If You Can't Patch
- Segment charging stations on isolated network with no internet access
- Implement strict firewall rules blocking all unnecessary traffic to charging stations
🔍 How to Verify
Check if Vulnerable:
Check firmware version against vendor's vulnerable version list. Monitor for unexpected network traffic to charging stations.
Check Version:
Check through ChargePoint management interface or mobile app for firmware version information.
Verify Fix Applied:
Confirm firmware version matches patched version from vendor advisory. Test charging functionality remains operational.
📡 Detection & Monitoring
Log Indicators:
- Unexpected reboots
- Failed firmware update attempts
- Unusual network connections
Network Indicators:
- Unusual traffic patterns to charging stations
- Malformed packets targeting port used by SrvrToSmSetAutoChnlListMsg function
SIEM Query:
source_ip IN (charging_station_ips) AND (packet_size > normal_threshold OR protocol_anomaly = true)
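The following is an added example, not part of this advisory or of any ChargePoint or ZDI tooling. It turns the SIEM query above and the ACL/segmentation workaround into a small detector run over a constructed flow log: any flow to or from a charging station is checked against a management allowlist (the ACL intent), against a packet-size threshold (`normal_threshold`), and against a protocol-anomaly flag. The IP addresses, port numbers, log format and the 1500-byte threshold are assumptions chosen for the demonstration.

```python
"""
Added example (not from the original advisory): apply the page's SIEM
logic and allowlist workaround to constructed flow records.

Flags, for any flow that involves a charging station:
  1. a peer host outside the management allowlist (ACL / segmentation check),
  2. a packet larger than the assumed normal threshold,
  3. a record marked as a protocol anomaly.
All addresses, ports and thresholds below are assumptions.
"""
import csv
import io
from dataclasses import dataclass

# Assumed inventory (placeholders, not real deployments).
CHARGING_STATION_IPS = {"10.20.0.11", "10.20.0.12"}
MANAGEMENT_ALLOWLIST = {"10.10.0.5"}   # assumed ChargePoint management host
NORMAL_PACKET_THRESHOLD = 1500         # assumed "normal_threshold", in bytes

# Constructed flow log for the demonstration (not captured traffic).
# Columns: ts,src_ip,dst_ip,dst_port,packet_bytes,protocol_anomaly
SAMPLE_FLOW_LOG = """ts,src_ip,dst_ip,dst_port,packet_bytes,protocol_anomaly
2024-06-01T10:00:01Z,10.10.0.5,10.20.0.11,443,512,false
2024-06-01T10:00:02Z,10.20.0.11,10.10.0.5,443,640,false
2024-06-01T10:00:03Z,10.10.0.77,10.20.0.12,8080,400,false
2024-06-01T10:00:04Z,10.10.0.5,10.20.0.12,443,9000,false
2024-06-01T10:00:05Z,10.10.0.5,10.20.0.11,443,300,true
2024-06-01T10:00:06Z,10.10.0.77,10.30.0.9,22,200,false
"""


@dataclass(frozen=True)
class Alert:
    ts: str
    src_ip: str
    dst_ip: str
    reason: str


def analyze_flows(log_text, stations=CHARGING_STATION_IPS,
                  allowlist=MANAGEMENT_ALLOWLIST,
                  threshold=NORMAL_PACKET_THRESHOLD):
    """Return a list of Alert objects for suspicious station-related flows.

    Flows that do not touch a charging station are ignored, mirroring the
    'source_ip IN (charging_station_ips)' scope of the SIEM query but
    covering both directions, since the network indicators describe
    traffic *to* the stations.
    """
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text)):
        src, dst = row["src_ip"], row["dst_ip"]
        if src not in stations and dst not in stations:
            continue  # not station traffic; out of scope

        # The "peer" is whichever end is not the station. Station-to-station
        # traffic is also treated as unexpected (possible lateral movement).
        peer = dst if src in stations else src
        if peer not in allowlist:
            alerts.append(Alert(row["ts"], src, dst,
                                "peer not in management allowlist"))

        if int(row["packet_bytes"]) > threshold:
            alerts.append(Alert(row["ts"], src, dst,
                                "packet_size above threshold"))

        if row["protocol_anomaly"].strip().lower() == "true":
            alerts.append(Alert(row["ts"], src, dst, "protocol anomaly"))
    return alerts


if __name__ == "__main__":
    for alert in analyze_flows(SAMPLE_FLOW_LOG):
        print(f"{alert.ts} {alert.src_ip} -> {alert.dst_ip}: {alert.reason}")
```

On the constructed log this raises three alerts: the host `10.10.0.77` talking to a station outside the allowlist, a 9000-byte packet to a station, and the record flagged as a protocol anomaly; the SSH flow between two non-station hosts is ignored. In a real deployment the allowlist and threshold would come from the asset inventory and a measured baseline rather than constants.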