PT-2025-10760 · Mennekes · Mennekes Smart / Premium Chargingpoints

Frank Breedijk

Published

2025-03-11

Updated

2025-03-11

CVE-2025-22368

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/S:N/AU:Y

Name of the Vulnerable Software and Affected Versions: Mennekes Smart / Premium Chargingpoints (affected versions not specified)

Description: The issue concerns the improper neutralization of OS commands in certain fields passed to the underlying OS, allowing for command execution through the authenticated SCU firmware command. This is due to the improper sanitization of OS commands in SCU firmware commands.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-250

Related Identifiers

CVE-2025-22368

Affected Products

Mennekes Smart / Premium Chargingpoints

PT-2025-10760 · Mennekes · Mennekes Smart / Premium Chargingpoints

CVE-2025-22368

Weakness Enumeration

Related Identifiers

Affected Products

References · 6