EUVD-2026-39569

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...

CVE-2026-40702

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...

CVE-2026-44622 EVoke Systems EVoke CSMS Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

Market-Analysis-Driven Methodology for Assessing Charging Station Cybersecurity

Modern charging communication standards for electric vehicles include optional security controls such as TLS-based authentication and encryption. However, with tens of thousands of fast charging points deployed in any given country, individually testing each one for security control support is...

CVE-2026-28204

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-31926 IGL-Technologies eParking.fi Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-32663

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVE-2026-25192

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

PT-2026-26695

CVE-2026-28204 Charging station authentication identifiers are publicly accessible via web-based mapping platforms. https://t.co/aldAqfvMsO...

PT-2026-26686

Name of the Vulnerable Software and Affected Versions CTEK Chargeport affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated...

CTEK Chargeportal

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

IGL-Technologies eParking.fi

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

EUVD-2025-208479

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...

CVE-2025-27769

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...

CVE-2026-24912

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

EUVD-2026-10036

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-27027

Technical details about CVE-2026-27027 are not publicly available in the provided documents. Monitor for updates from listed sources; none of the connected records disclose affected products, versions, root cause, or fixes.

CVE-2026-26288 Everon api.everon.io Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVE-2026-27777 Mobiliti e-mobi.hu Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

EUVD-2026-9942

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...