5 matches found
CVE-2026-40702 EVoke Systems EVoke CSMS Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...
CVE-2026-44622
CVE-2026-44622 affects EVoke Systems EVoke CSMS (charging stations). The vulnerability is described as insufficiently protected credentials, causing authentication identifiers to be publicly accessible via web-based mapping platforms. CVSS v3.1 base score 6.5 (MEDIUM) and CVSS v4.0 base score 6.9...
CVE-2026-26074
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::map corruption. The trigger is CSMS GetLog/UpdateFirmware request network with an EVSE fault event physical. This results in TSAN reports concurrent access data race to eventqueue...
EVerest 安全漏洞
EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2026.02.0 contained security vulnerabilities. These vulnerabilities stemmed from the CSMS executing a RemoteStop operation, allowing the EVSE to revert to the PrepareChargi...
Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered
Two new security weaknesses discovered in several electric vehicle EV charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing th...