811 matches found
CVE-2026-40702
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...
CVE-2026-44622
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-40702
CVE-2026-40702 involves WebSocket endpoints in EVoke Systems EVoke CSMS that lack authentication, allowing attackers to impersonate charging stations and gain unauthorized access or perform actions. The underlying issue is no authentication for the WebSocket interface, enabling privilege escalati...
CVE-2026-54479 EVoke Systems EVoke CSMS Insufficient Session Expiration
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as oth...
CVE-2026-54479
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as oth...
CVE-2026-44622 EVoke Systems EVoke CSMS Insufficiently Protected Credentials
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-44622
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
EVoke Systems Charging Station Management System
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
PT-2026-52596
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Charging station authentication identifiers are publicly accessible through web-based mapping platforms. Recommendations At the moment, there is no information...
PT-2026-52595
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, which allows attackers to impersonate charging stations. This flaw can be exploited to gain unauthoriz...
CVE-2026-41032 Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...
CVE-2026-41032 Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...
CVE-2026-41032
The CVE-2026-41032 entry concerns Phoenix Contact CHARX SEC-3xxx charging controller firmware. Affected component: firmware on CHARX SEC-3xxx charging controllers. Vulnerability: an unauthenticated adjacent attacker can download log files from the controller, potentially exposing restricted infor...
CVE-2026-9398
A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...
CVE-2026-9039
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...
CVE-2026-9038
A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur,...
CVE-2026-9039
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...
EUVD-2026-33004
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...
CVE-2026-9039
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...
CVE-2026-9039 Initialization of a resource with an insecure default in XCharge C6
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...