PT-2024-10856 · Circontrol · Circontrol Raption
Abert Spruyt
+2
·
Published
2024-04-12
·
Updated
2024-08-01
·
CVE-2020-8006
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Circontrol Raption versions 5.11.2 and earlier
Description
The issue is a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station lack common exploitation mitigations, including stack canaries and the Position Independent Executable (PIE) format.
Recommendations
For Circontrol Raption versions 5.11.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Circontrol Raption