Lucene search
K

245 matches found

NVD
NVD
added yesterday4 views

CVE-2026-22093

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-22099 Missing authentication for Bluetooth communication

The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL...

8.7CVSS0.00247EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43096

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43095

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...

8.7CVSS6.1AI score0.0038EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago21 views

EUVD-2026-43094

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References4
NVD
NVD
added 4 days ago7 views

CVE-2026-42952

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...

8.7CVSS0.0038EPSS
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-20744

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation...

9.8CVSS0.00519EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-44383

CVE-2026-44383 concerns Hydro-Québec Le Circuit Electrique charging station backend with insufficient session expiration. The issue allows multiple connections using the same charging station ID, enabling attackers to deploy multiple OCPP clients to overwhelm the backend, impacting availability (...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References3
CVE
CVE
added 4 days ago25 views

CVE-2026-20744

CVE-2026-20744 concerns Hydro-Québec Le Circuit Electrique charging station backend. The issue is an improper access control on the charging station websocket endpoint, allowing connections without authentication and potentially enabling privilege escalation. ICSCERT metrics show critical impact ...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57338

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The charging station websocket endpoint accepts connections without proper authentication. This flaw allows for privilege escalation and is exploitable over the...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57339

Name of the Vulnerable Software and Affected Versions EV charging station backends affected versions not specified Description The charging station backend lacks throttling on repeated authentication attempts. This deficiency allows an attacker to perform a denial-of-service attack, which is a...

8.7CVSS6.1AI score0.0038EPSS
Exploits0References5
ICS
ICS
added last week5 views

Hydro-Québec Le Circuit Electrique charging station backend

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/26 12:32 a.m.10 views

EUVD-2026-39564

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS5.8AI score0.00248EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 10:17 p.m.8 views

CVE-2026-44622

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS0.00248EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 8:56 p.m.21 views

CVE-2026-54479 EVoke Systems EVoke CSMS Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as oth...

7.3CVSS0.00246EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:56 p.m.7 views

CVE-2026-54479

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as oth...

7.3CVSS5.9AI score0.00246EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:53 p.m.6 views

CVE-2026-44622

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS5.8AI score0.00248EPSS
Exploits0References4
ICS
ICS
added 2026/06/25 5:0 a.m.9 views

EVoke Systems Charging Station Management System

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

9.4CVSS5.9AI score0.00378EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-9398

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...

3.1CVSS5.2AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.15 views

CVE-2026-9397

A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. A high degree...

9.2CVSS6.5AI score0.00454EPSS
Exploits0References1
Rows per page
Query Builder