Details of VAR-202506-0483

ID

VAR-202506-0483

CVE

CVE-2025-5743

TITLE

Schneider Electric EVLink WallBox OS Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-15347

DESCRIPTION

CWE-78: I Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. Schneider Electric EVLink WallBox has an operating system command injection vulnerability. Attackers can exploit this vulnerability to remotely control the charging station

Trust: 1.44

sources: NVD: CVE-2025-5743 // CNVD: CNVD-2025-15347

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15347

AFFECTED PRODUCTS

vendor:

schneider

model:

electric evlink wallbox

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-15347

CVSS

SEVERITY

CVSSV2

CVSSV3

cybersecurity@se.com:	CVE-2025-5743
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-15347
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-15347
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:M/C:P/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	6.4
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cybersecurity@se.com:	CVE-2025-5743
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	4.2
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-15347 // NVD: CVE-2025-5743

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2025-5743

PATCH

title:

Patch for Schneider Electric EVLink WallBox OS Command Injection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/706306

Trust: 0.6

sources: CNVD: CNVD-2025-15347

EXTERNAL IDS

db:	NVD	id:	CVE-2025-5743	Trust: 1.6
db:	SCHNEIDER	id:	SEVD-2025-161-03	Trust: 1.0
db:	CNVD	id:	CNVD-2025-15347	Trust: 0.6

sources: CNVD: CNVD-2025-15347 // NVD: CVE-2025-5743

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-03&p_endoctype=security+and+safety+notice&p_file_name=sevd-2025-161-03.pdf	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-5743	Trust: 0.6

sources: CNVD: CNVD-2025-15347 // NVD: CVE-2025-5743

SOURCES

db:	CNVD	id:	CNVD-2025-15347
db:	NVD	id:	CVE-2025-5743

LAST UPDATE DATE

2025-07-10T22:55:23.878000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15347	date:	2025-07-09T00:00:00
db:	NVD	id:	CVE-2025-5743	date:	2025-06-12T16:06:39.330

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15347	date:	2025-07-09T00:00:00
db:	NVD	id:	CVE-2025-5743	date:	2025-06-10T09:15:25.703