Lucene search
K

147 matches found

NVD
NVD
added 2026/05/24 9:16 p.m.17 views

CVE-2026-9396

A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...

6.3CVSS0.00268EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/24 8:0 p.m.16 views

CVE-2026-9395

A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials. The attack needs to be initiated within the local network. The original disclosure mentions,...

5.1CVSS5.5AI score0.00158EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/24 7:30 p.m.19 views

CVE-2026-9394 Besen BS20 EV Charging Station Bluetooth Low Energy weak password

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is...

3.1CVSS0.00192EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/24 7:30 p.m.16 views

CVE-2026-9394

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is...

3.1CVSS5.2AI score0.00192EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.16 views

PT-2026-42969

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...

3.1CVSS5.2AI score0.00294EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Besen BS20 EV Charging Station 安全漏洞

The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated before April 2026, has a security vulnerability. This vulnerability stems from improper operation of...

3.1CVSS5.7AI score0.00294EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.15 views

Cybersecurity of Electric Vehicle Charging Infrastructure: Recent Advances, Open Challenges, and Future Directions

Electric Vehicles EVs have emerged as significant disruptors in the transportation sector over the past decade. Their growing popularity and adoption are accompanied by capital expenditures to deploy charging infrastructure. EV charging infrastructure sits at the intersection of the power grid, t...

5.8AI score
Exploits0
ICS
ICS
added 2026/04/21 5:0 a.m.9 views

Hardy Barth Salia EV Charge Controller

RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

6.5CVSS6.7AI score0.00269EPSS
Exploits0References11
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/03/31 12:0 a.m.4 views

TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats

TrendAI™ Research explored agentic AI cybercrime and EV infrastructure security through two research sessions at RSAC 2026...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.5 views

CVE-2026-27813

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events or delayed authorization response. Version 2026.2.0 contains a patch...

5.3CVSS5.9AI score0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.5 views

CVE-2026-26008

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access std::vector that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch...

7.5CVSS5.9AI score0.00367EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 5:16 p.m.6 views

CVE-2026-26074

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::map corruption. The trigger is CSMS GetLog/UpdateFirmware request network with an EVSE fault event physical. This results in TSAN reports concurrent access data race to eventqueue...

7CVSS0.0014EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 4:42 p.m.3 views

CVE-2026-33015 EVerest has RemoteStop Bypass via BCB Toggle Session Restart

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop StopTransaction, the EVSE can return to PrepareCharging via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass...

5.2CVSS5.9AI score0.00214EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:42 p.m.3 views

CVE-2026-33015

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop StopTransaction, the EVSE can return to PrepareCharging via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass...

5.2CVSS5.9AI score0.00214EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/26 4:42 p.m.6 views

EUVD-2026-16254

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop StopTransaction, the EVSE can return to PrepareCharging via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass...

5.2CVSS5.9AI score0.00214EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/26 4:37 p.m.3 views

EUVD-2026-16230

EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines transactionactive=false and only calls withdrawauthorizationcallback. This path ultimately calls Charger::deauthorize, but no...

5CVSS5.8AI score0.00288EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/26 4:34 p.m.6 views

EUVD-2026-16228

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...

6.9CVSS5.8AI score0.00286EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 4:30 p.m.3 views

CVE-2026-27815 EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118chargerImpl::handlesessionsetup copies a variable-length paymentoptions list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 4:30 p.m.11 views

EUVD-2026-16224

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118chargerImpl::handlesessionsetup copies a variable-length paymentoptions list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:23 p.m.3 views

CVE-2026-27813

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events or delayed authorization response. Version 2026.2.0 contains a patch...

5.3CVSS5.8AI score0.00126EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder