CVE-2025-48416: CWE-912 Hidden Functionality in eCharge Hardy Barth cPH2 / cPP2 charging stations

Severity: High
Tags: Vulnerability, CVE-2025-48416, CWE-912
Published: Wed May 21 2025 (05/21/2025, 12:15:02 UTC)
Source: CVE
Vendor/Project: eCharge Hardy Barth
Product: cPH2 / cPP2 charging stations

Description

An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This configuration can be bypassed/changed by an attacker through multiple paths though.

AI-Powered Analysis

Last updated: 07/07/2025, 04:40:02 UTC

Technical Analysis

CVE-2025-48416 is a high-severity vulnerability affecting eCharge Hardy Barth cPH2 and cPP2 electric vehicle charging stations running firmware versions up to 2.2.0. The vulnerability arises from a hidden functionality issue (CWE-912) where the OpenSSH daemon listens on TCP port 22 and a hard-coded root user entry exists in the "/etc/shadow" file within the firmware image. Although the default SSH configuration disables root login via the "PermitRootLogin" setting, this restriction can be bypassed or altered by an attacker through multiple attack vectors, enabling unauthorized root access. This effectively allows an unauthenticated remote attacker to gain full control over the charging station systems. The vulnerability has a CVSS 3.1 base score of 8.1, reflecting high impact on confidentiality, integrity, and availability, with network attack vector, no privileges required, and no user interaction needed. The presence of a hard-coded root credential combined with the ability to modify SSH configuration remotely or locally creates a critical security risk. Exploitation could lead to complete system compromise, enabling attackers to manipulate charging operations, disrupt service availability, or use the compromised devices as footholds for lateral movement within critical infrastructure networks. No known exploits are reported in the wild yet, but the vulnerability is publicly disclosed and should be treated with urgency.

Potential Impact

For European organizations, especially those operating electric vehicle charging infrastructure, this vulnerability poses significant operational and security risks. Compromise of charging stations could disrupt EV charging services, impacting transportation and mobility sectors reliant on these facilities. Confidentiality breaches could expose sensitive operational data or network credentials, while integrity violations might allow attackers to alter charging parameters, potentially causing physical damage or safety hazards. Availability impacts could lead to denial of service, affecting end-users and damaging organizational reputation. Additionally, compromised charging stations could serve as entry points for attackers targeting broader corporate or critical infrastructure networks, increasing the risk of large-scale cyber incidents. Given Europe's strong push towards EV adoption and smart grid integration, such vulnerabilities undermine trust in essential green energy infrastructure and could have cascading effects on energy management and transportation systems.

Mitigation Recommendations

Organizations should immediately verify firmware versions on all eCharge Hardy Barth cPH2 and cPP2 charging stations and prioritize upgrading to patched versions once available. Until patches are released, network segmentation should be enforced to isolate charging stations from critical internal networks, limiting exposure to potential attackers. Implement strict firewall rules to restrict access to TCP port 22 only to trusted management hosts and consider disabling SSH access entirely if remote management is not required. Regularly audit device configurations to detect unauthorized changes to SSH settings, particularly the "PermitRootLogin" parameter. Employ network intrusion detection systems (NIDS) to monitor for anomalous SSH connection attempts or configuration modification activities. Additionally, enforce strong physical security controls to prevent local tampering with devices. Collaborate with the vendor for timely updates and guidance, and consider deploying compensating controls such as multi-factor authentication for device management interfaces if supported. Finally, integrate these devices into broader vulnerability management and incident response processes to ensure rapid detection and remediation of exploitation attempts.
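The configuration audit recommended above (checking the effective "PermitRootLogin" value and whether the shadow file still carries a usable root hash), as an added example that is not part of the original advisory or any vendor tooling; file paths are parameters so an extracted firmware rootfs can be checked offline, and the sample sshd_config and shadow lines are constructed.

```shell
# Added audit helper (not vendor code): reports the effective PermitRootLogin value
# of an sshd_config and whether a shadow file holds a usable root password hash.
# OpenSSH honours the FIRST occurrence of a keyword; keywords are case-insensitive.
# Directives under a "Match" block are conditional and skipped here, so only the
# global value is reported. Only the "Keyword value" form is parsed (not
# "Keyword=value"), and the absent-keyword default is OpenSSH's "prohibit-password".
permit_root_login() {
    awk '
        tolower($1) == "match" { in_match = 1 }
        in_match || /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "permitrootlogin" && !found { print tolower($2); found = 1 }
        END { if (!found) print "prohibit-password" }
    ' "$1"
}
# Field 2 of the root line: "" = no password, "!" or "*" prefix = locked,
# anything else = a hash that becomes usable once root login is permitted.
root_shadow_status() {
    awk -F: '$1 == "root" { found = 1
        if ($2 == "")          print "empty"
        else if ($2 ~ /^[!*]/) print "locked"
        else                   print "hash-present"
        exit }
        END { if (!found) print "no-root-entry" }' "$1"
}
# Combine both checks. A usable root hash is a finding even with PermitRootLogin
# off, because the advisory notes the SSH setting itself can be changed.
ssh_root_exposure() {
    prl=$(permit_root_login "$1"); st=$(root_shadow_status "$2")
    case "$st" in
        locked|no-root-entry) [ "$prl" = "yes" ] && echo "warning" || echo "ok" ;;
        *)                    [ "$prl" = "yes" ] && echo "critical" || echo "warning" ;;
    esac
}
# Constructed sample files (not from a real device) so the script runs stand-alone.
make_samples() {
    d=$(mktemp -d)
    printf 'Port 22\n#PermitRootLogin yes\nPermitRootLogin no\n' > "$d/sshd_default"
    printf 'Port 22\nPermitRootLogin yes\nMatch User svc\n  PermitRootLogin no\n' > "$d/sshd_tampered"
    printf 'root:$6$constructedsalt$constructedhash:19000:0:99999:7:::\n' > "$d/shadow_hash"
    printf 'root:!:19000:0:99999:7:::\n' > "$d/shadow_locked"
    echo "$d"
}
d=$(make_samples)
printf 'default config + hard-coded root hash: %s\n' "$(ssh_root_exposure "$d/sshd_default" "$d/shadow_hash")"
printf 'tampered config + hard-coded root hash: %s\n' "$(ssh_root_exposure "$d/sshd_tampered" "$d/shadow_hash")"
printf 'default config + locked root account: %s\n' "$(ssh_root_exposure "$d/sshd_default" "$d/shadow_locked")"
```

On a live device, point the functions at /etc/ssh/sshd_config and /etc/shadow (root required to read the latter); a "warning" on an otherwise default configuration is exactly the hard-coded-hash condition the advisory describes.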

Technical Details

Data Version: 5.1
Assigner Short Name: SEC-VLab
Date Reserved: 2025-05-20T07:34:22.865Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682dc591c4522896dcbfc975

Added to database: 5/21/2025, 12:22:41 PM

Last enriched: 7/7/2025, 4:40:02 AM

Last updated: 8/13/2025, 10:33:46 AM
