Home

Description

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend.

PUBLISHED Reserved 2026-05-07 | Published 2026-07-10 | Updated 2026-07-10 | Assigner icscert




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-613

Product status

Default status
unaffected

Any version before June_2026
affected

Credits

An anonymous researcher reported this vulnerability to CISA finder

References

www.hydroquebec.com/nous-joindre/

www.cisa.gov/news-events/ics-advisories/icsa-26-188-01

github.com/...p/csaf_files/OT/white/2026/icsa-26-188-01.json

cve.org (CVE-2026-44383)

nvd.nist.gov (CVE-2026-44383)

Download JSON