4 matches found
CVE-2026-27767
The CVE-2026-27767 issue concerns WebSocket endpoints used for Open Charge Point Protocol (OCPP) in charging-station infrastructure. The underlying vulnerability is lack of authentication on these endpoints, allowing an unauthenticated attacker to connect with a known or discovered charging-stati...
CVE-2026-25113
CVE-2026-25113 is supported by concrete technical details in connected docs: the WebSocket API lacks rate limiting on authentication requests, enabling potential denial-of-service and brute-force attacks. The PT-2026-22240 report notes affected WebSocket API with no specific vulnerable versions l...
CVE-2026-25778
CVE-2026-25778 concerns the WebSocket backend used to manage charging-station sessions. The system ties sessions to charging-station identifiers but allows multiple endpoints to connect with the same session identifier, yielding predictable session IDs. This can enable session hijacking or shadow...
CVE-2026-27773
Technical details about CVE-2026-27773 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.