RCE in Mennekes Smart / Premium Charging Stations
CVE-2025-22366
The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.006 (42.3th percentile) — read the EPSS interpretation.
Affected products
Weakness classification (CWE)
References
- csirt@divd.nl (third-party-advisory)
- csirt@divd.nl (vendor-advisory)
- csirt@divd.nl (release-notes)