Lucene search
K

807 matches found

NVD
NVD
added yesterday4 views

CVE-2026-22098

Various sensitive information such as passwords and charging card UIDs are written to log files...

9.2CVSS0.00332EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-22093

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-22099 Missing authentication for Bluetooth communication

The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL...

8.7CVSS0.00247EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43096

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43095

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...

8.7CVSS6.1AI score0.0038EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago21 views

EUVD-2026-43094

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References4
NVD
NVD
added 4 days ago7 views

CVE-2026-42952

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...

8.7CVSS0.0038EPSS
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-20744

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation...

9.8CVSS0.00519EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-44383

CVE-2026-44383 concerns Hydro-Québec Le Circuit Electrique charging station backend with insufficient session expiration. The issue allows multiple connections using the same charging station ID, enabling attackers to deploy multiple OCPP clients to overwhelm the backend, impacting availability (...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References3
CVE
CVE
added 4 days ago25 views

CVE-2026-20744

CVE-2026-20744 concerns Hydro-Québec Le Circuit Electrique charging station backend. The issue is an improper access control on the charging station websocket endpoint, allowing connections without authentication and potentially enabling privilege escalation. ICSCERT metrics show critical impact ...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-57340

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw in the EV charging station backend allows multiple connections using the same charging station ID. This could enable an attacker to deploy multiple...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57338

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The charging station websocket endpoint accepts connections without proper authentication. This flaw allows for privilege escalation and is exploitable over the...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57339

Name of the Vulnerable Software and Affected Versions EV charging station backends affected versions not specified Description The charging station backend lacks throttling on repeated authentication attempts. This deficiency allows an attacker to perform a denial-of-service attack, which is a...

8.7CVSS6.1AI score0.0038EPSS
Exploits0References5
ICS
ICS
added 2026/07/07 6:0 a.m.5 views

Hydro-Québec Le Circuit Electrique charging station backend

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/26 12:32 a.m.10 views

EUVD-2026-39564

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS5.8AI score0.00248EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39569

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...

9.4CVSS5.9AI score0.00378EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 10:17 p.m.9 views

CVE-2026-40702

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...

9.4CVSS0.00378EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:17 p.m.8 views

CVE-2026-44622

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS0.00248EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:59 p.m.13 views

CVE-2026-40702

CVE-2026-40702 involves WebSocket endpoints in EVoke Systems EVoke CSMS that lack authentication, allowing attackers to impersonate charging stations and gain unauthorized access or perform actions. The underlying issue is no authentication for the WebSocket interface, enabling privilege escalati...

9.4CVSS5.9AI score0.00378EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 8:56 p.m.21 views

CVE-2026-54479 EVoke Systems EVoke CSMS Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as oth...

7.3CVSS0.00246EPSS
Exploits0References3
Rows per page
Query Builder