
CVE-2025-7357: CWE-256 Plaintext Storage of a Password in LITEON IC48A EV Charger

High
Tags: Vulnerability, CVE-2025-7357, CWE-256
Published: Wed Jul 16 2025 (07/16/2025, 15:56:33 UTC)
Source: CVE Database V5
Vendor/Project: LITEON
Product: IC48A EV Charger

Description

LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.

AI-Powered Analysis

Last updated: 07/24/2025, 01:01:57 UTC

Technical Analysis

CVE-2025-7357 is a high-severity vulnerability affecting LITEON IC48A and IC80A electric vehicle (EV) chargers. Firmware versions prior to 01.00.19r for the IC48A and prior to 01.01.12e for the IC80A write the credentials used to access an FTP server in plaintext to the device's system logs. The weakness is classified as CWE-256, plaintext storage of a password. The CVSS 4.0 base score of 8.7 reflects the seriousness of the flaw: the attack vector is network-based (AV:N), with no privileges required (PR:N), no user interaction (UI:N) and no special attack requirements (AT:N). The impact is rated high for confidentiality (VC:H), with no impact on integrity or availability. Because the credentials sit in cleartext logs, anyone who can read those logs can recover the FTP credentials and potentially gain unauthorized access to the FTP server the charger uses for firmware updates or data transfer, which could lead to further compromise of the device or the network it resides on. No exploitation in the wild has been reported, but the ease of exploitation and the sensitivity of the exposed information make this a significant threat. The absence of authentication and user-interaction requirements means a remote attacker can exploit the flaw without prior access or user involvement. The affected products are embedded systems in EV charging infrastructure, an increasingly critical component of smart grid and transportation networks. Storing credentials in plaintext logs is a fundamental design flaw that indicates insufficient protection of sensitive data within the device's firmware.

Potential Impact

For European organizations, this vulnerability poses a substantial risk to the security of EV charging infrastructure, which is rapidly expanding across the continent as part of green energy and transportation initiatives. Unauthorized access to FTP credentials could allow attackers to manipulate firmware updates, inject malicious code, or exfiltrate sensitive operational data. This could disrupt charging services, cause physical damage to equipment, or enable lateral movement within corporate or utility networks. Given the critical role of EV chargers in supporting electric mobility, exploitation could impact service availability and undermine trust in EV infrastructure. Additionally, compromised chargers could be used as entry points for broader attacks on smart grid systems or critical infrastructure, which are high-value targets in Europe. The exposure of credentials in logs also raises compliance concerns under GDPR and other data protection regulations, as it reflects inadequate security controls over sensitive information. Organizations operating or managing LITEON IC48A or IC80A chargers must consider the risk of targeted attacks, especially in sectors such as utilities, transportation, and public infrastructure.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately verify the firmware versions of their LITEON IC48A and IC80A EV chargers and upgrade to versions 01.00.19r or later for IC48A and 01.01.12e or later for IC80A once available. In the absence of official patches, organizations should restrict network access to the FTP service and system logs to trusted administrators only, employing network segmentation and firewall rules to limit exposure. Monitoring and auditing access to logs should be enhanced to detect unauthorized retrieval of credentials. Organizations should also consider implementing compensating controls such as changing FTP credentials regularly and using strong, unique passwords. Where possible, replacing FTP with more secure protocols (e.g., SFTP or FTPS) is recommended to reduce the risk of credential interception. Additionally, organizations should review and harden logging configurations to avoid storing sensitive information in plaintext. Incident response plans should be updated to include detection and remediation steps for potential exploitation of this vulnerability. Finally, coordination with LITEON and relevant ICS/OT security teams is essential to ensure timely updates and vulnerability management.
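The log-hardening and log-auditing steps above can be checked mechanically. The following is an added example, not LITEON code or anything from the advisory: the chargers' real log format is not public, so the sample lines are constructed to show the CWE-256 pattern (FTP credentials written in cleartext to system logs), and the scanner flags such lines and redacts only the secret so the rest of the entry stays usable for troubleshooting.

```python
"""Detect and redact cleartext FTP credentials in device logs (CWE-256).

Added example, not LITEON code: the chargers' real log format is not
public, so the sample lines below are constructed to show the pattern the
advisory describes (FTP credentials written in plaintext to system logs).
"""
import re

REDACTED = "<redacted>"

# Each pattern captures (prefix, secret, *rest) so the secret alone can be
# replaced while the surrounding context is kept for troubleshooting.
PATTERNS = {
    # ftp://user:password@host/... URLs with embedded credentials
    "ftp_url": re.compile(r"(ftp://[^:/\s]+:)([^@\s]+)(@)"),
    # key=value fields such as password=, ftp_password=, pwd:
    "kv_password": re.compile(r"((?:ftp_)?(?:pass(?:word)?|pwd)\s*[=:]\s*)(\S+)", re.I),
    # echo of the FTP control-channel PASS command
    "ftp_pass_cmd": re.compile(r"(\bPASS\s+)(\S+)"),
}

# Constructed sample log; not taken from a real IC48A/IC80A device.
SAMPLE_LOG = [
    "2025-07-16 15:56:01 fwupdate: fetching ftp://updater:Ch4rger!@10.0.0.5/fw/",
    "2025-07-16 15:56:02 ftpclient: USER updater",
    "2025-07-16 15:56:02 ftpclient: PASS Ch4rger!",
    "2025-07-16 15:56:03 config: ftp_host=10.0.0.5 ftp_user=updater ftp_password=Ch4rger!",
    "2025-07-16 15:56:04 fwupdate: download complete, 1.2 MB",
]


def find_credential_leaks(lines):
    """Return (line_number, pattern_name) for every line that exposes a secret."""
    hits = []
    for n, line in enumerate(lines, 1):
        for name, rx in PATTERNS.items():
            if rx.search(line):
                hits.append((n, name))
    return hits


def redact(line):
    """Replace only the secret group of each match, keeping the context."""
    for rx in PATTERNS.values():
        line = rx.sub(lambda m: m.group(1) + REDACTED + "".join(m.groups()[2:]), line)
    return line


if __name__ == "__main__":
    for n, kind in find_credential_leaks(SAMPLE_LOG):
        print(f"line {n} [{kind}]: {redact(SAMPLE_LOG[n - 1])}")
```

The same `redact` filter can be applied at the point where logs are collected or forwarded, so that credentials never reach long-term log storage even if a device still writes them.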


Technical Details

Data Version
5.1
Assigner Short Name
icscert
Date Reserved
2025-07-08T14:32:29.576Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6877ccf3a83201eaacdc4943

Added to database: 7/16/2025, 4:01:55 PM

Last enriched: 7/24/2025, 1:01:57 AM

Last updated: 8/28/2025, 4:38:05 PM
