- What is the severity of CVE-2024-4622?
- CVE-2024-4622 has been scored as a high severity vulnerability.
- How to fix CVE-2024-4622?
- As a workaround for remediating CVE-2024-4622: alpitronic recommends users change the default credentials for all charging devices. alpitronic advises that the interface should be connected only to internal segregated and access-controlled networks and not exposed to the public internet/web. When informed of these vulnerabilities, alpitronic, in conjunction with and/or on behalf of affected clients, disabled the interface on any exposed devices and all clients were contacted directly and reminded that the interface is not intended to be visible on the public Internet and that default passwords should be changed. alpitronic are also applying mitigations to all devices in the field and to new devices in production. New devices will come with unique passwords. Devices using the default password will be automatically assigned new unique passwords, or at first access if the device has not yet been installed. Devices with the default passwords already changed will not be affected. New passwords can be obtained by scanning the QR-Code inside the charger or in DMS portal hyperdoc. Contact Hypercharger support with any questions about newly assigned passwords.
- Is CVE-2024-4622 being actively exploited in the wild?
- As for now, there are no information to confirm that CVE-2024-4622 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2024-4622?
- CVE-2024-4622 affects alpitronic Hypercharger EV Charger.