Matthew Waddell

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they are restarted by the watchdog. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law. This results in a loss of integrity for EichrechtAgents and a potential denial-of-service for these stations. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A physical attacker with access to the device display via USB-C can send a message to the device, triggering an unsecure copy to a buffer. This results in a loss of integrity and a temporary denial-of-service for the stations until they are restarted by the watchdog. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.