EUVD-2026-10034

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

EUVD-2025-20401

Malicious code in bioql PyPI...

CVE-2025-25271

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface...

CVE-2025-25271

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface...

CVE-2025-25271 OCPP Backend Configuration via Insecure Defaults

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface...

CVE-2025-25271

CVE-2025-25271 describes an authentication-related misconfiguration in Phoenix Contact CHARX SEC OCPP implementations where an unauthenticated, network-adjacent attacker can configure a new OCPP backend due to insecure default settings in the configuration interface. Multiple sources (including N...

CVE-2025-25271 OCPP Backend Configuration via Insecure Defaults

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface...

PT-2025-28348 · Phoenix Contact · Charx Sec-3000 +7

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated adjacent attacker can configure a new OCPP backend due to insecure defaults for the configuration interface. Recommendations: At the moment, there is no information about ...