Lucene search
+L

811 matches found

NVD
NVD
added 2026/06/25 10:17 p.m.11 views

CVE-2026-40702

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...

9.4CVSS0.00378EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:17 p.m.9 views

CVE-2026-44622

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS0.00248EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:59 p.m.17 views

CVE-2026-40702

CVE-2026-40702 involves WebSocket endpoints in EVoke Systems EVoke CSMS that lack authentication, allowing attackers to impersonate charging stations and gain unauthorized access or perform actions. The underlying issue is no authentication for the WebSocket interface, enabling privilege escalati...

9.4CVSS5.9AI score0.00378EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 8:56 p.m.26 views

CVE-2026-54479 EVoke Systems EVoke CSMS Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as oth...

7.3CVSS0.00246EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:56 p.m.7 views

CVE-2026-54479

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as oth...

7.3CVSS5.9AI score0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 8:53 p.m.27 views

CVE-2026-44622 EVoke Systems EVoke CSMS Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS0.00248EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:53 p.m.6 views

CVE-2026-44622

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS5.8AI score0.00248EPSS
Exploits0References4
ICS
ICS
added 2026/06/25 5:0 a.m.11 views

EVoke Systems Charging Station Management System

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

9.4CVSS5.9AI score0.00378EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52596

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Charging station authentication identifiers are publicly accessible through web-based mapping platforms. Recommendations At the moment, there is no information...

6.9CVSS5.8AI score0.00248EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.17 views

PT-2026-52595

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, which allows attackers to impersonate charging stations. This flaw can be exploited to gain unauthoriz...

9.4CVSS5.8AI score0.00378EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/03 10:16 a.m.13 views

CVE-2026-41032 Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/03 10:16 a.m.49 views

CVE-2026-41032 Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

7.5CVSS0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/06/03 10:16 a.m.40 views

CVE-2026-41032

The CVE-2026-41032 entry concerns Phoenix Contact CHARX SEC-3xxx charging controller firmware. Affected component: firmware on CHARX SEC-3xxx charging controllers. Vulnerability: an unauthenticated adjacent attacker can download log files from the controller, potentially exposing restricted infor...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-9398

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...

3.1CVSS5.2AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.19 views

CVE-2026-9039

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

8.6CVSS5.8AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-9038

A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur,...

8.6CVSS6.3AI score0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 8:16 p.m.14 views

CVE-2026-9039

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

8.6CVSS0.00185EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 7:7 p.m.12 views

EUVD-2026-33004

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

8.6CVSS5.8AI score0.00185EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:7 p.m.15 views

CVE-2026-9039

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

8.6CVSS5.8AI score0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 7:7 p.m.13 views

CVE-2026-9039 Initialization of a resource with an insecure default in XCharge C6

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

8.6CVSS5.8AI score0.00185EPSS
Exploits0References1
Rows per page
Query Builder