CVE-2025-41682

An · An Multiple Products

A high-severity vulnerability has been identified in multiple products from the vendor 'An'.

Executive summary

A high-severity vulnerability has been identified in multiple products from the vendor 'An'. This flaw allows an attacker who already has basic user access to a charge controller to steal administrative credentials, including the manufacturer's password. Successful exploitation could lead to a complete compromise of the affected device, enabling unauthorized configuration changes and potential operational disruption.

Vulnerability

The vulnerability allows for privilege escalation on affected charge controllers. An attacker who has successfully authenticated with a low-privilege account can exploit a flaw related to improper credential storage to access and exfiltrate sensitive credentials. This includes the manufacturer's password, which provides administrative-level control over the device. The attack likely involves interacting with a management interface where credentials are not properly protected or isolated from lower-privileged users.

Business impact

This vulnerability poses a high risk to the organization, reflected by its CVSS score of 8.8. An attacker successfully exploiting this flaw could gain complete administrative control over the affected charge controllers. This could lead to operational disruption, unauthorized modification of device settings, denial of service, and potential physical impact depending on the controller's function. Furthermore, a compromised device could serve as a pivot point for attackers to move laterally within the network, escalating the incident's scope and impact.

Remediation

Immediate Action: The vendor, An, has released security updates to address this vulnerability. Organizations must prioritize the deployment of these patches to all affected devices immediately. In addition to patching, security teams should actively monitor for signs of exploitation and review historical access logs for any suspicious activity related to low-privileged accounts.

Proactive Monitoring: Implement enhanced monitoring for affected systems. Security teams should specifically look for: unusual or repeated login attempts from low-privileged accounts, any attempts by these accounts to access administrative files or APIs, unexpected outbound network traffic from the charge controllers, and unauthorized configuration changes. Correlating access logs with network data can help identify potential exploitation attempts.
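The monitoring guidance above, turned into detection logic over sample access-log lines (an added example for this advisory, not code from the vendor or any affected product). The log format, the role field and the endpoint names are assumptions chosen for the example; the sample lines are constructed.

```python
# Added example: detection logic for the monitoring guidance above (not vendor code).
# Log format, role field and endpoint names are assumptions: one line per request,
#   <timestamp> <user> <role> <status> <method> <path>
import re
from collections import Counter

# Constructed sample lines from a hypothetical charge-controller management interface.
SAMPLE_LOG = """\
2025-06-01T08:00:01Z alice user 200 GET /api/status
2025-06-01T08:00:05Z alice user 401 POST /login
2025-06-01T08:00:07Z alice user 401 POST /login
2025-06-01T08:00:09Z alice user 401 POST /login
2025-06-01T08:00:15Z alice user 200 GET /api/admin/credentials
2025-06-01T08:01:00Z alice user 200 POST /api/config
2025-06-01T08:02:00Z root admin 200 GET /api/admin/credentials
2025-06-01T08:03:00Z bob user 200 GET /api/status
"""

ADMIN_PATHS = ("/api/admin/", "/api/config")  # assumed admin-only endpoints
FAILED_LOGIN_THRESHOLD = 3
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+) (\S+)$")

def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, user, role, status, method, path = m.groups()
    return {"ts": ts, "user": user, "role": role, "status": int(status),
            "method": method, "path": path}

def detect(log_text):
    """Return sorted (rule, user) findings for low-privilege accounts only."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    failed_logins = Counter()
    findings = set()
    for e in events:
        if e["role"] == "admin":
            continue  # administrative activity by admin accounts is expected
        if e["path"] == "/login" and e["status"] == 401:
            failed_logins[e["user"]] += 1
            if failed_logins[e["user"]] >= FAILED_LOGIN_THRESHOLD:
                findings.add(("repeated_failed_logins", e["user"]))
        elif e["status"] < 400 and e["path"].startswith(ADMIN_PATHS):
            # a low-privilege account reaching admin files/APIs or changing configuration
            rule = "config_change" if e["method"] == "POST" else "admin_path_access"
            findings.add((rule, e["user"]))
    return sorted(findings)
```

Each finding is one (rule, account) pair, so the same account triggering the same rule repeatedly is reported once; correlating these with network-flow data, as the paragraph suggests, is left to the SIEM.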

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce risk:

  • Isolate the charge controllers onto a segmented network with strict firewall rules, limiting access to only authorized personnel and systems.
  • Enforce multi-factor authentication (MFA) for all user accounts if supported.
  • Review and disable any non-essential low-privileged user accounts until patches can be applied.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Due to the high severity (CVSS 8.8) of this vulnerability, which allows for a full device compromise from a low-privileged position, immediate action is required. We strongly recommend that all affected 'An' products be patched immediately following the vendor's advisory. Although there is no evidence of active exploitation and the CVE is not currently listed in the CISA KEV catalog, the risk of future exploitation is significant. Organizations should prioritize patching and implement enhanced monitoring as outlined in the remediation plan to mitigate potential impact.