76 matches found
CVE-2026-25851
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27767
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27772
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-24731
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-20781
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
EUVD-2026-8937
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
EUVD-2026-8929
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27028
CVE-2026-27028 affects WebSocket endpoints used by OCPP implementations. The issue is lack of authentication, allowing unauthenticated attackers to connect with a charging station identifier and impersonate a charger, issue or receive OCPP commands, and potentially escalate privileges, take unaut...
CVE-2026-27028 Mobility46 mobility46.se Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27767
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27772
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-25851
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27772 EV Energy ev.energy Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CloudCharge 访问控制错误漏洞
CloudCharge is a website for electric vehicle charging management developed by the Swedish company CloudCharge. CloudCharge has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms at WebSocket endpoints, which could allow...
Mobility46 访问控制错误漏洞
Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There is an access control vulnerability in Mobility46; this vulnerability stems from the lack of proper authentication mechanisms in WebSocket endpoints, which may allow...
PT-2026-22266
Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for the Open Charge Point Protocol OCPP affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing attackers to perform unauthorized station impersonati...
PT-2026-22244
Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for the Open Charge Point Protocol OCPP affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing unauthenticated attackers to connect and impersonate...
CVE-2026-27767
The CVE-2026-27767 issue concerns WebSocket endpoints used for Open Charge Point Protocol (OCPP) in charging-station infrastructure. The underlying vulnerability is lack of authentication on these endpoints, allowing an unauthenticated attacker to connect with a known or discovered charging-stati...
CVE-2026-24731
CVE-2026-24731 affects EV2GO EV2GO ev2go.io: WebSocket endpoints lack authentication, allowing unauthenticated charging stations to impersonate a station and issue/receive OCPP commands to the backend. Root cause: missing authentication at the OCPP WebSocket endpoint enabling privilege escalation...
CVE-2026-25851
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...