CVE-2025-7357: CWE-256 Plaintext Storage of a Password in LITEON IC48A EV Charger
LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.
AI Analysis
Technical Summary
CVE-2025-7357 is a high-severity vulnerability affecting LITEON IC48A and IC80A electric vehicle (EV) chargers. Specifically, firmware versions prior to 01.00.19r for the IC48A and prior to 01.01.12e for the IC80A store FTP server access credentials in plaintext within system logs. The vulnerability is categorized under CWE-256, plaintext storage of a password. The CVSS 4.0 base score of 8.7 reflects the seriousness of the flaw: the attack vector is network-based (AV:N), with no privileges required (PR:N), no user interaction (UI:N), and no special attack requirements (AT:N). The impact on confidentiality is high (VC:H), while integrity and availability are not affected. Because the credentials are written to cleartext logs, anyone who can read those logs can recover the FTP credentials and potentially gain unauthorized access to the FTP server the charger uses for firmware updates or data transfer, which could lead to further compromise of the device or the network it resides on. Although no exploits are currently reported in the wild, the ease of exploitation and the sensitivity of the exposed information make this a significant threat. The absence of privilege and user-interaction requirements means that remote attackers can exploit this vulnerability without prior access or user involvement. The affected products are embedded systems in EV charging infrastructure, which are increasingly critical components of smart grid and transportation networks. Storing credentials in plaintext logs is a fundamental security design flaw and indicates insufficient protection of sensitive data within the device's firmware.
Potential Impact
For European organizations, this vulnerability poses a substantial risk to the security of EV charging infrastructure, which is rapidly expanding across the continent as part of green energy and transportation initiatives. Unauthorized access to FTP credentials could allow attackers to manipulate firmware updates, inject malicious code, or exfiltrate sensitive operational data. This could disrupt charging services, cause physical damage to equipment, or enable lateral movement within corporate or utility networks. Given the critical role of EV chargers in supporting electric mobility, exploitation could impact service availability and undermine trust in EV infrastructure. Additionally, compromised chargers could be used as entry points for broader attacks on smart grid systems or critical infrastructure, which are high-value targets in Europe. The exposure of credentials in logs also raises compliance concerns under GDPR and other data protection regulations, as it reflects inadequate security controls over sensitive information. Organizations operating or managing LITEON IC48A or IC80A chargers must consider the risk of targeted attacks, especially in sectors such as utilities, transportation, and public infrastructure.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should immediately verify the firmware versions of their LITEON IC48A and IC80A EV chargers and upgrade to versions 01.00.19r or later for IC48A and 01.01.12e or later for IC80A once available. In the absence of official patches, organizations should restrict network access to the FTP service and system logs to trusted administrators only, employing network segmentation and firewall rules to limit exposure. Monitoring and auditing access to logs should be enhanced to detect unauthorized retrieval of credentials. Organizations should also consider implementing compensating controls such as changing FTP credentials regularly and using strong, unique passwords. Where possible, replacing FTP with more secure protocols (e.g., SFTP or FTPS) is recommended to reduce the risk of credential interception. Additionally, organizations should review and harden logging configurations to avoid storing sensitive information in plaintext. Incident response plans should be updated to include detection and remediation steps for potential exploitation of this vulnerability. Finally, coordination with LITEON and relevant ICS/OT security teams is essential to ensure timely updates and vulnerability management.
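As an added example that is not part of the advisory or of LITEON's firmware, the Python filter below audits existing log text for FTP credentials recorded in cleartext and redacts them, illustrating the hardened-logging and log-auditing recommendations above. The log lines are constructed for illustration and do not come from a real device.

```python
import re

# Constructed sample log lines, modelled on the kind of entries the advisory
# describes (FTP credentials echoed into a system log). Not real device output.
SAMPLE_LOG = """\
Jul 16 14:01:55 charger updater: fetching firmware from ftp://fwuser:S3cretPw@10.0.0.5/fw/latest.bin
Jul 16 14:01:56 charger ftpclient: USER fwuser
Jul 16 14:01:56 charger ftpclient: PASS S3cretPw
Jul 16 14:01:57 charger updater: ftp_host=10.0.0.5 ftp_user=fwuser ftp_password=S3cretPw
Jul 16 14:02:03 charger updater: download complete (2048 KiB)
"""

# Three common ways FTP credentials leak into logs: a userinfo component in an
# ftp:// URL, an echoed FTP PASS command, and a key=value field whose key
# looks like a password. The username is kept; only the secret is masked.
PATTERNS = [
    (re.compile(r"(ftp://[^:/@\s]+:)([^@\s]+)(@)"), r"\1[REDACTED]\3"),
    (re.compile(r"(\bPASS\s+)(\S+)"), r"\1[REDACTED]"),
    (re.compile(r"((?:passwd|password|pwd)\s*[=:]\s*)(\S+)", re.IGNORECASE),
     r"\1[REDACTED]"),
]


def redact_line(line: str) -> str:
    """Return the line with any recognised credential replaced by [REDACTED]."""
    for pattern, repl in PATTERNS:
        line = pattern.sub(repl, line)
    return line


def find_exposed(log_text: str) -> list[int]:
    """Audit helper: 1-based numbers of lines that carried a cleartext credential,
    i.e. lines whose content changes after redaction."""
    return [i for i, l in enumerate(log_text.splitlines(), 1) if redact_line(l) != l]


def redact_log(log_text: str) -> str:
    """Filter helper: the whole log with credentials masked, suitable for
    applying before lines are persisted or shipped to a log collector."""
    return "\n".join(redact_line(l) for l in log_text.splitlines())


if __name__ == "__main__":
    print("lines with exposed credentials:", find_exposed(SAMPLE_LOG))
    print(redact_log(SAMPLE_LOG))
```

Running find_exposed over archived logs is a quick way to confirm whether a deployed charger has already written credentials to disk, which should trigger a credential rotation in addition to the firmware upgrade.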
Affected Countries
Germany, France, Netherlands, United Kingdom, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2025-07-08T14:32:29.576Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6877ccf3a83201eaacdc4943
Added to database: 7/16/2025, 4:01:55 PM
Last enriched: 7/24/2025, 1:01:57 AM
Last updated: 8/28/2025, 4:38:05 PM