Market-Analysis-Driven Methodology for Assessing Charging Station Cybersecurity

Modern charging communication standards for electric vehicles include optional security controls such as TLS-based authentication and encryption. However, with tens of thousands of fast charging points deployed in any given country, individually testing each one for security control support is...

CVE-2026-28204

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-31926 IGL-Technologies eParking.fi Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-32663

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVE-2026-25192

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

PT-2026-26686

Name of the Vulnerable Software and Affected Versions CTEK Chargeport affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated...

PT-2026-26695

CVE-2026-28204 Charging station authentication identifiers are publicly accessible via web-based mapping platforms. https://t.co/aldAqfvMsO...

IGL-Technologies eParking.fi

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

CTEK Chargeportal

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

EUVD-2025-208479

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...

CVE-2025-27769

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...

CVE-2026-24912

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

EUVD-2026-10036

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-27027

Technical details about CVE-2026-27027 are not publicly available in the provided documents. Monitor for updates from listed sources; none of the connected records disclose affected products, versions, root cause, or fixes.

CVE-2026-26288 Everon api.everon.io Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVE-2026-27777 Mobiliti e-mobi.hu Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

EUVD-2026-9942

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

Mobiliti 代码问题漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a code vulnerability that arises from using charging station identifiers to associate sessions, but allowing multiple endpoints to use the same session identifier for connection. This...

ePower 安全漏洞

ePower is a electric vehicle charging station system owned by the Irish company ePower. ePower has a security vulnerability, as the identity identifiers of charging stations can be accessed publicly through a web-based mapping platform...

PT-2026-23720

Name of the Vulnerable Software and Affected Versions Charging station affected versions not specified Description Charging station authentication identifiers are publicly accessible through web-based mapping platforms. This exposure potentially allows unauthorized access or misuse of charging...