CVE-2024-4622

If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02
https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02

Configurations

No configuration.

History

21 Nov 2024, 09:43

Type	Values Removed	Values Added
Summary		(es) Si están mal configurados, los dispositivos de carga alpitronic Hypercharger EV pueden exponer una interfaz web protegida por autenticación. Si no se cambian las credenciales predeterminadas, un atacante puede utilizar el conocimiento público para acceder al dispositivo como administrador.
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02 -

15 May 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-15 17:15

Updated : 2024-11-21 09:43

NVD link : CVE-2024-4622

Mitre link : CVE-2024-4622

CVE.ORG link : CVE-2024-4622

JSON object : View

Products Affected

No product.

CWE

CWE-1392

Use of Default Credentials

{"id": "CVE-2024-4622", "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.3, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-05-15T17:15:16.010", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-1392"}]}], "descriptions": [{"lang": "en", "value": "If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface \nprotected by authentication. If the default credentials are not changed,\n an attacker can use public knowledge to access the device as an \nadministrator."}, {"lang": "es", "value": "Si est\u00e1n mal configurados, los dispositivos de carga alpitronic Hypercharger EV pueden exponer una interfaz web protegida por autenticaci\u00f3n. Si no se cambian las credenciales predeterminadas, un atacante puede utilizar el conocimiento p\u00fablico para acceder al dispositivo como administrador."}], "lastModified": "2024-11-21T09:43:14.267", "sourceIdentifier": "ics-cert@hq.dhs.gov"}