Home
HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HHIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NDefault status
unaffected
Any version before June_2026
affected
Description
Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend.
Problem types
Product status
Any version before June_2026
Credits
An anonymous researcher reported this vulnerability to CISA
References
www.hydroquebec.com/nous-joindre/
www.cisa.gov/news-events/ics-advisories/icsa-26-188-01
github.com/...p/csaf_files/OT/white/2026/icsa-26-188-01.json