29 matches found
CVE-2026-24003
CVE-2026-24003 (EvseV2G) affects the EV charging software stack EVerest up to version 2025.12.1 . The issue is a bypass of the sequence/state verification, including authentication, allowing requests to transition to forbidden states and update the current context with illegitimate data. The inte...
CVE-2025-68140
Summary: CVE-2025-68140 affects EVerest EV charging software stack prior to 2025.9.0, where an unregistered session can be assumed as 0, allowing unauthorized and anonymous indirect emission of MQTT messages and communication with V2G message handlers, potentially updating a session context. Tech...
CVE-2026-26070
Summary: CVE-2026-26070 affects EVerest, the EV charging software stack. Versions prior to 2026.02.0 contain a data race that enables concurrent access to std::mapstd::optional , potentially causing container/optional corruption. The race is triggered during an EV SoC update with a periodic power...
CVE-2026-27815
CVE-2026-27815 affects EVerest EV charging stack. Prior to 2026.02.0, the function ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With default schema validation disabled, oversized MQTT Cmd payl...
CVE-2026-27828
CVE-2026-27828 — EVerest : In EVerest prior to 2026.02.0, ISO15118_chargerImpl::handle_session_setup accesses the freed v2g_ctx after ISO15118 initialization fails (e.g., no IPv6 link-local address). An attacker with MQTT access can remotely crash the EVSE process by issuing a session_setup comma...
CVE-2025-68133
CVE-2025-68133 affects the EVerest EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the OS memory and terminate the module by opening an unlimited number of TCP connections that do not proceed to ISO 15118-2 communication. This occurs because a new thread is sta...
CVE-2025-68139
CVE-2025-68139 affects EVerest EV charging software stack. All versions up to and including 2025.12.1 default terminate_connection_on_failed_response to false, meaning the EV is responsible for closing sessions/connections after module errors; errors are logged but no automatic countermeasures (e...
CVE-2026-23955
CVE-2026-23955 affects the EVerest EV charging software stack prior to version 2025.9.0. In several places, integers are concatenated to literal strings when throwing errors, causing pointer arithmetic instead of printing the integer value. This can allow a malicious operator to read unintended m...
CVE-2026-23995
EVerest has a stack-based buffer overflow in the CAN interface initialization. If a CAN interface name exceeds IFNAMSIZ (16), touching CAN open routines overflows the stack via ifreq.ifr_name, potentially leading to code execution. This affects versions prior to 2026.02.0; the patch is included i...
CVE-2026-26072
EVerest EV charging software stack is affected. Versions prior to 2026.02.0 have a data race on concurrent access to std::mapstd::optional , potentially causing container/optional corruption during EV SoC updates with powermeter periodic updates and unplugging/SessionFinished status. The issue is...
CVE-2026-26074
EVerest EV charging software stack has a data race in versions prior to 2026.02.0, causing possible corruption of map data structures (event_queue). The race is triggered over the network CSMS GetLog/UpdateFirmware request when an EVSE fault event is present, leading to concurrent access detected...
CVE-2025-68132
CVE-2025-68132 affects EVerest EV charging software stack. The issue lies in the DZG_GSH01 powermeter SLIP parser, where is_message_crc_correct reads vec[vec.size()-1] and vec[vec.size()-2] without verifying that at least two bytes exist. Malformed SLIP frames on the serial link can reach this fu...
CVE-2025-68134
Summary: CVE-2025-68134 affects EVerest before version 2025.10.0, where repeated use of the assert function to handle errors can cause a crash of the module. The manager behavior (shutting down other modules and exiting on a crash) can lead to a denial of service in setups with multiple EVSE. Imp...
CVE-2025-68136
CVE-2025-68136 (EVerest) affects the EV charging software stack prior to version 2025.10.0. On SDP requests, the module creates a new set of objects (Session, IConnection) and opens a new TCP socket for ISO15118-20 communications, registering callbacks for the new file descriptor without closing/...
CVE-2025-68141
CVE-2025-68141 affects the EVerest EV charging software stack. Before version 2025.10.0, deserializing a DC_ChargeLoopRes message that includes Receipt and TaxCosts can access the vector tax_costs in Receipt out of bounds, in the function template void convert(const struct iso20_dc_DetailedTaxTy...
CVE-2026-22790
EV charging stack EVerest is vulnerable before 2026.02.0: HomeplugMessage::setup_payload trusts len after an assert; in release builds the check is removed, enabling oversized SLAC payloads to be memcpy’d into a ~1497-byte stack buffer, corrupting the stack and allowing remote code execution from...
CVE-2026-33014
The CVE-2026-33014 entry describes a vulnerability in the EVerest EV charging software stack where, before version 2026.02.0, a delayed authorization response during RemoteStop processing resets the authorized flag to true, bypassing the stop_transaction() condition on PowerOff events. This allow...
CVE-2025-68135
EVerest (EV charging software stack) prior to version 2025.10.0 has a vulnerability in the TbdController loop where C++ exceptions are not properly handled, causing the loop and its caller to terminate silently and leading to a denial of service affecting SDP and ISO15118-20 servers. The issue is...
CVE-2025-68137
EVerest before version 2025.10.0 is affected by an integer overflow in SdpPacket::parse_header(). After reading an 8-byte header, the remaining length can be set to 7, and the calculation of the remaining length yields a negative value that is interpreted as SIZE_MAX. This can cause an infinite l...
CVE-2026-26008
The CVE concerns EVerest EV charging software stack. Versions before 2026.02.0 expose an out-of-bounds access in a std::vector triggered by UpdateAllowedEnergyTransferModes over the network via CSMS, enabling possible remote crash or memory corruption. The issue affects the affected releases prio...
CVE-2026-26073
Affected software. EVerest EV charging software stack (prior to 2026.02.0). Vulnerability and root cause. A data race can occur in the internal event handling (powermeter public key update and EV session/error events when OCPP is not started), which may corrupt std::queue/std::deque and trigger r...
CVE-2026-27816
EVerest prior to version 2026.02.0 has a buffer overflow in ISO15118_chargerImpl::handle_update_energy_transfer_modes where a variable-length list is copied into a fixed-size 6-element array without bounds checks. With default schema validation disabled, oversized MQTT Cmd payloads can cause out-...
CVE-2026-27813
CVE-2026-27813 affects the EVerest EV charging software stack. Versions prior to 2026.02.0 contain a data race that can lead to a use-after-free condition. The issue is triggered by EV plug-in/unplug events and RFID/RemoteStart/OCPP authorization events (or delayed authorization responses). A pat...
CVE-2026-22593
The CVE-2026-22593 affects the EVerest EV charging software stack. Before version 2026.02.0, an off-by-one check in IsoMux certificate filename handling can overflow a stack when a filename length equals MAX_FILE_NAME_LENGTH (100), potentially corrupting stack state and enabling code execution. A...
CVE-2026-33009
CVE-2026-33009 affects EVerest EV charging software. Pre-2026.02.0 versions have a data race causing possible C++ undefined behavior/memory corruption when processing an MQTT topic everest_external/nodered/{connector}/cmd/switch_three_phases_while_charging, leading to concurrent access of Charger...
CVE-2026-27814
EVerest EV charging software stack is affected: a data race (C++ undefined behavior) in ac_switch_three_phases_while_charging triggers when a 1-phase ↔ 3-phase switch request runs concurrently with the state machine loop. Affected versions are prior to 2026.02.0; version 2026.02.0 contains the pa...
CVE-2026-26071
CVE-2026-26071 – EVerest : The affected product is the EVerest EV charging software stack. Versions prior to 2026.02.0 suffer a data race that allows concurrent access to a std::string, with a possible heap-use-after-free. The issue is triggered by EVCCID updates (EV/ISO15118) and OCPP session/au...
CVE-2026-29044
EVerest EV charging software stack vulnerability CVE-2026-29044: before version 2026.02.0, processing WithdrawAuthorization prior to TransactionStarted can leave transaction_active=false and trigger deauthorize without performing StopTransaction in the Charging state, enabling authorization withd...
CVE-2026-33015
Summary of CVE-2026-33015 (EVerest) : EVerest EV charging software stack is affected prior to version 2026.02.0. The vulnerability allows a session to restart after a RemoteStop (StopTransaction) via the EV’s BCB toggle, enabling the EVSE to return to PrepareCharging. This undermines the intended...