{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/bs20-ev-charging-station/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-9397"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["BS20 EV Charging Station"],"_cs_severities":["high"],"_cs_tags":["cve","improper authorization","ev charging station","network"],"_cs_type":"advisory","_cs_vendors":["Besen"],"content_html":"\u003cp\u003eCVE-2026-9397 identifies an improper authorization vulnerability within the Besen BS20 EV Charging Station, affecting versions up to 20260426. The vulnerability exists within the OTA Update Installation Handler component, allowing for remote exploitation. While the attack complexity is rated as high and exploitation is considered difficult, successful exploitation could grant unauthorized privileges to an attacker. The vendor, Besen, has acknowledged the reported vulnerability and is currently reviewing it as of April 2026. This vulnerability poses a risk to the availability and integrity of affected EV charging stations, potentially disrupting services and impacting users.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a Besen BS20 EV Charging Station with a vulnerable firmware version (\u0026lt;= 20260426) exposed to the network.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious OTA update package targeting the vulnerable OTA Update Installation Handler.\u003c/li\u003e\n\u003cli\u003eAttacker initiates an OTA update process, potentially bypassing authentication or authorization checks within the handler.\u003c/li\u003e\n\u003cli\u003eThe charging station attempts to retrieve and install the malicious OTA update package.\u003c/li\u003e\n\u003cli\u003eDue to the improper authorization vulnerability, the malicious update is installed without proper verification.\u003c/li\u003e\n\u003cli\u003eThe malicious update modifies system configurations, installs backdoors, or alters the charging station\u0026rsquo;s behavior.\u003c/li\u003e\n\u003cli\u003eAttacker gains unauthorized access to the charging station\u0026rsquo;s internal functions and data.\u003c/li\u003e\n\u003cli\u003eAttacker leverages escalated privileges to disrupt charging services, collect user data, or potentially use the charging station as a foothold for further attacks on the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-9397 could allow attackers to remotely control affected Besen BS20 EV Charging Stations. This could lead to disruption of charging services, potentially affecting numerous users relying on these stations. Data exfiltration, though not explicitly mentioned, remains a possibility given unauthorized access. The vulnerability impacts any BS20 station running firmware up to version 20260426.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious OTA Update Requests\u0026rdquo; to monitor for unusual network activity associated with OTA update processes targeting EV charging stations (log source: network_connection).\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026ldquo;Detect Malicious Firmware Installation Attempts\u0026rdquo; to identify suspicious processes or file modifications related to firmware updates on the affected systems (log source: process_creation, file_event).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual patterns or connections originating from or directed towards Besen BS20 EV Charging Stations, focusing on communications related to the OTA Update Installation Handler.\u003c/li\u003e\n\u003cli\u003eContact Besen support for information regarding a patch or updated firmware to address CVE-2026-9397 and apply it as soon as it becomes available.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:49:49Z","date_published":"2026-05-26T13:49:49Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-9397/","summary":"CVE-2026-9397 describes an improper authorization vulnerability in Besen BS20 EV Charging Station up to version 20260426, allowing remote attackers to gain unauthorized privileges via the OTA Update Installation Handler.","title":"CVE-2026-9397 - Besen BS20 EV Charging Station Improper Authorization Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-9397/"}],"language":"en","title":"CraftedSignal Threat Feed — BS20 EV Charging Station","version":"https://jsonfeed.org/version/1.1"}