CTEK Chargeportal
Summary
CTEK Chargeportal is affected by multiple vulnerabilities, including missing authentication for critical functions, improper restriction of excessive authentication attempts, insufficient session expiration, and insufficiently protected credentials. Successful exploitation could allow attackers to gain unauthorized administrative control over charging stations or disrupt services.
IFF Assessment
The identified vulnerabilities allow attackers to gain unauthorized control and disrupt services, posing a significant risk to critical infrastructure.
Severity
Defender Context
Defenders in the energy and transportation sectors should be aware of these critical vulnerabilities affecting CTEK Chargeportal. Organizations using this product should monitor for exploitation attempts and follow vendor guidance, especially as the product is being sunset.