80 matches found
Mobiliti 访问控制错误漏洞
Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security access control vulnerability, which stems from the lack of proper authentication mechanisms for WebSocket endpoints. This vulnerability could allow unauthorized sites to...
CVE-2026-22552
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-22552 ePower epower.ie Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
PT-2026-23574
Name of the Vulnerable Software and Affected Versions affected versions not specified Description WebSocket endpoints are missing appropriate authentication, allowing attackers to impersonate charging stations and manipulate backend data. An unauthenticated attacker can connect to the OCPP...
CVE-2026-25851
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27767
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27772
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-24731
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-20781
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
EUVD-2026-8937
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
EUVD-2026-8929
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27028
CVE-2026-27028 affects WebSocket endpoints used by OCPP implementations. The issue is lack of authentication, allowing unauthenticated attackers to connect with a charging station identifier and impersonate a charger, issue or receive OCPP commands, and potentially escalate privileges, take unaut...
CVE-2026-27028 Mobility46 mobility46.se Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27767
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27772
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-25851
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27772 EV Energy ev.energy Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
PT-2026-22266
Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for the Open Charge Point Protocol OCPP affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing attackers to perform unauthorized station impersonati...
PT-2026-22244
Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for the Open Charge Point Protocol OCPP affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing unauthenticated attackers to connect and impersonate...
Mobility46 访问控制错误漏洞
Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There is an access control vulnerability in Mobility46; this vulnerability stems from the lack of proper authentication mechanisms in WebSocket endpoints, which may allow...