RCE in Mennekes Smart / Premium Charging Stations

CVE-2025-22368

The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.006 (42.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References