Lucene search
K

9 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/21 7:54 p.m.4 views

CVE-2025-68140

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...

4.3CVSS5.2AI score0.00136EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/21 7:54 p.m.17 views

CVE-2025-68140 EVerest allows null session ID to bypass session ID verification

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...

4.3CVSS0.00136EPSS
Exploits0References1
OSV
OSV
added 2026/01/21 7:54 p.m.4 views

CVE-2025-68140 EVerest allows null session ID to bypass session ID verification

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...

4.3CVSS5.4AI score0.00136EPSS
Exploits0References3
CVE
CVE
added 2026/01/21 7:54 p.m.22 views

CVE-2025-68140

Summary: CVE-2025-68140 affects EVerest EV charging software stack prior to 2025.9.0, where an unregistered session can be assumed as 0, allowing unauthorized and anonymous indirect emission of MQTT messages and communication with V2G message handlers, potentially updating a session context. Tech...

4.3CVSS5.4AI score0.00136EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.12 views

PT-2026-3856

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...

4.3CVSS5.4AI score0.00136EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.9 views

PT-2024-27469 · Everest · Everest

Name of the Vulnerable Software and Affected Versions: EVerest versions prior to 2024.3.1 EVerest versions prior to 2024.6.0 Description: EVerest is an EV charging software stack. An integer overflow in the v2g incoming v2gtp function in the v2g server.cpp implementation can allow a remote attack...

9CVSS7.6AI score0.00666EPSS
Exploits0References12
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/11/27 6:4 a.m.12 views

Are Vehicle to Grid spikes coming?

If you didn’t already know, I’m a massive fan of electric vehicles. One of the aspects that intrigues me is Vehicle to Grid V2G, the potential for our car batteries to store and release electricity to and from the grid, providing balance for the peaks and troughs of demand. It’s a part of what is...

7.5AI score
Exploits0
CNNVD
CNNVD
added 2022/05/12 12:0 a.m.5 views

OpenV2G 安全漏洞

The primary scope of the OpenV2G project is to provide an open source implementation of the latest draft of the ISO/IEC Vehicle-to-Grid Communication Interface V2G CI standard.A memory corruption vulnerability exists in Siemens OpenV2G due to a missing length check in the OpenV2G EXI parsing...

5.5CVSS6.1AI score0.00207EPSS
Exploits0References4
CNVD
CNVD
added 2022/05/11 12:0 a.m.24 views

Siemens OpenV2G memory corruption vulnerability

The primary scope of the OpenV2G project is to provide an open source implementation of the latest draft of the ISO/IEC Vehicle-to-Grid Communication Interface V2G CI standard.A memory corruption vulnerability exists in Siemens OpenV2G due to a missing length check in the OpenV2G EXI parsing...

5.5CVSS3.7AI score0.00207EPSS
Exploits0References1
Rows per page
Query Builder