<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Charging-Station — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/charging-station/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 27 Feb 2026 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/charging-station/feed.xml" rel="self" type="application/rss+xml"/><item><title>Multiple Vulnerabilities in SWITCH EV Charging Stations</title><link>https://feed.craftedsignal.io/briefs/2026-02-switch-ev-vulns/</link><pubDate>Fri, 27 Feb 2026 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-02-switch-ev-vulns/</guid><description>Multiple vulnerabilities in SWITCH EV swtchenergy.com charging stations could allow attackers to impersonate stations, hijack sessions, cause denial of service, and manipulate backend data due to missing authentication, rate limiting issues, session expiration flaws, and exposed credentials.</description><content:encoded><![CDATA[<p>SWITCH EV&rsquo;s swtchenergy.com charging stations are affected by multiple vulnerabilities that could allow attackers to gain unauthorized access and disrupt services. These vulnerabilities include missing authentication mechanisms, lack of rate limiting on authentication requests, predictable session identifiers, and publicly accessible authentication identifiers. Successful exploitation could lead to station impersonation, session hijacking, denial-of-service attacks, and manipulation of backend data. 
All versions of swtchenergy.com are affected. The vendor did not respond to CISA&rsquo;s request for coordination. The charging stations are deployed worldwide in the energy and transportation sectors.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker identifies a charging station ID via public mapping platforms (CVE-2026-27773).</li>
<li>Attacker connects to the OCPP WebSocket endpoint of the charging station using the discovered ID (CVE-2026-27767).</li>
<li>Because no authentication is required, the attacker impersonates the charging station.</li>
<li>Attacker sends malicious commands to the backend, potentially manipulating charging parameters or data (CVE-2026-27767).</li>
<li>Alternatively, the attacker floods the authentication endpoint with requests, causing a denial-of-service condition by overwhelming the backend (CVE-2026-25113).</li>
<li>Attacker hijacks a legitimate session by establishing a new connection using the same session identifier (CVE-2026-25778).</li>
<li>The legitimate charging station is disconnected, and the attacker receives backend commands intended for the legitimate station.</li>
<li>Attacker manipulates charging station behavior or data, causing disruption or financial loss.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of these vulnerabilities could have significant consequences. Attackers could impersonate charging stations, hijack sessions, suppress or misroute traffic to cause large-scale denial-of-service attacks, and manipulate data sent to the backend. This could lead to widespread disruption of EV charging services, financial losses for charging station operators and users, and potential damage to the electrical grid. Given the global deployment of these charging stations in the energy and transportation sectors, the impact could be widespread.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Monitor network connections to OCPP WebSocket endpoints for connections without proper authentication to detect potential station impersonation attempts related to CVE-2026-27767.</li>
<li>Implement rate limiting on authentication requests to the WebSocket API to mitigate denial-of-service attacks as described in CVE-2026-25113.</li>
<li>Monitor for multiple connections using the same session identifier to detect potential session hijacking attempts related to CVE-2026-25778.</li>
<li>Monitor for access to swtchenergy.com from unusual or unexpected geolocations.</li>
<li>Consult SWITCH EV (swtchenergy.com) directly for potential mitigations or workarounds; the vendor did not respond to CISA&rsquo;s request for coordination.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>electric-vehicle</category><category>charging-station</category><category>websocket</category></item><item><title>Mobility46 Charging Station Vulnerabilities Allow Unauthorized Control and Disruption</title><link>https://feed.craftedsignal.io/briefs/2026-02-mobility46-vulns/</link><pubDate>Fri, 27 Feb 2026 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-02-mobility46-vulns/</guid><description>Multiple vulnerabilities in Mobility46 charging stations allow attackers to gain unauthorized administrative control or disrupt charging services through missing authentication, improper authentication restrictions, insufficient session expiration, and exposed credentials.</description><content:encoded><![CDATA[<p>Mobility46 charging stations are affected by multiple vulnerabilities that could allow attackers to gain unauthorized administrative control or disrupt charging services. These vulnerabilities, identified in all versions of mobility46.se, include missing authentication for critical functions (CVE-2026-27028), improper restriction of excessive authentication attempts (CVE-2026-26305), insufficient session expiration (CVE-2026-27647), and insufficiently protected credentials (CVE-2026-22878). Exploitation could lead to privilege escalation, unauthorized control of charging infrastructure, corruption of charging network data, and denial-of-service conditions. Mobility46 did not respond to CISA&rsquo;s request for coordination. These charging stations are deployed worldwide across the energy and transportation sectors.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker identifies a Mobility46 charging station&rsquo;s identifier via publicly accessible web-based mapping platforms due to insufficient credential protection (CVE-2026-22878).</li>
<li>Attacker connects to the charging station&rsquo;s OCPP WebSocket endpoint using the discovered charging station identifier, exploiting the lack of authentication mechanisms (CVE-2026-27028).</li>
<li>Attacker issues unauthorized OCPP commands to the charging station, impersonating a legitimate charger due to missing authentication for critical functions (CVE-2026-27028).</li>
<li>Alternatively, the attacker overwhelms the WebSocket API with authentication requests, exploiting the lack of rate limiting and causing a denial-of-service condition (CVE-2026-26305).</li>
<li>Attacker hijacks or shadows a legitimate charging station session by establishing a new connection using the same session identifier, as multiple endpoints are allowed per session (CVE-2026-27647).</li>
<li>The attacker receives backend commands intended for the legitimate charging station, gaining unauthorized control (CVE-2026-27647).</li>
<li>Attacker manipulates charging parameters, disrupts charging services, or corrupts charging network data reported to the backend.</li>
<li>The final objective is to gain unauthorized control of charging infrastructure and disrupt charging services or cause financial and reputational damage.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations, leading to manipulation of charging parameters and disruption of services. Organizations in the energy and transportation sectors are affected worldwide. The lack of authentication and session management could allow attackers to cause denial-of-service conditions, potentially affecting numerous charging stations simultaneously. This could lead to significant financial losses, reputational damage, and disruption of critical infrastructure.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Monitor network connections for unusual WebSocket traffic patterns originating from or directed towards the domain mobility46.se to detect potential exploitation attempts (IOC: mobility46.se).</li>
<li>Deploy the Sigma rule &ldquo;Detect Unauthenticated WebSocket Connection to Mobility46 Charging Station&rdquo; to identify connections lacking proper authentication, and enable network connection logging for WebSocket traffic.</li>
<li>Apply rate limiting measures to the WebSocket API endpoints to mitigate potential denial-of-service attacks resulting from excessive authentication attempts as described in CVE-2026-26305.</li>
<li>Implement robust authentication mechanisms for all WebSocket endpoints to prevent unauthorized station impersonation and data manipulation, addressing CVE-2026-27028.</li>
<li>Investigate and remediate the exposure of charging station authentication identifiers on web-based mapping platforms to prevent unauthorized access, addressing CVE-2026-22878.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>mobility46</category><category>charging-station</category><category>vulnerability</category><category>ics</category></item><item><title>EV2GO Charging Station Vulnerabilities Allow Impersonation and Denial of Service</title><link>https://feed.craftedsignal.io/briefs/2026-02-ev2go-vulns/</link><pubDate>Fri, 27 Feb 2026 10:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-02-ev2go-vulns/</guid><description>Multiple vulnerabilities in EV2GO charging stations, including missing authentication and session management flaws, could allow attackers to impersonate stations, hijack sessions, and cause denial-of-service conditions.</description><content:encoded><![CDATA[<p>Multiple vulnerabilities have been discovered in EV2GO ev2go.io charging stations. These vulnerabilities, identified as CVE-2026-24731, CVE-2026-25945, CVE-2026-20895, and CVE-2026-22890, relate to missing authentication for critical functions, improper restriction of excessive authentication attempts, insufficient session expiration, and insufficiently protected credentials. Successful exploitation of these flaws could enable attackers to impersonate charging stations, hijack legitimate user sessions, and suppress or misroute traffic, potentially leading to a large-scale denial-of-service (DoS) attack. These vulnerabilities affect all versions of ev2go.io and impact critical infrastructure sectors such as energy and transportation systems globally. The lack of vendor response to reported vulnerabilities further exacerbates the risk.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker identifies a valid charging station identifier using publicly accessible mapping platforms, exploiting CVE-2026-22890.</li>
<li>Attacker connects to the OCPP WebSocket endpoint of a charging station without proper authentication, leveraging CVE-2026-24731.</li>
<li>Attacker issues unauthorized OCPP commands to the backend as a legitimate charger, due to the missing authentication mechanisms (CVE-2026-24731).</li>
<li>Attacker attempts multiple authentication requests without any rate limiting, potentially leading to a denial-of-service (DoS) condition by overwhelming the backend (CVE-2026-25945).</li>
<li>Attacker hijacks or shadows existing sessions due to predictable session identifiers and the ability for multiple endpoints to connect using the same identifier (CVE-2026-20895).</li>
<li>Legitimate charging station is displaced, and the attacker receives backend commands intended for the original station (CVE-2026-20895).</li>
<li>Attacker manipulates charging station operations or charging network data reported to the backend.</li>
<li>Final objective: Cause disruption of charging services for users, corrupt charging network data, or potentially gain control of the charging infrastructure.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of these vulnerabilities could have significant consequences. An attacker can disrupt charging services, leading to stranded electric vehicles and customer dissatisfaction. Data manipulation could result in incorrect billing or inaccurate reporting. A large-scale denial-of-service attack could impact entire charging networks, affecting energy distribution and transportation systems. Given the widespread deployment of EV2GO charging stations worldwide, a successful attack could affect a large number of users and critical infrastructure.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Monitor network traffic for connections to <code>ev2go.io</code> that do not originate from known, authorized charging stations.</li>
<li>Implement rate limiting on authentication attempts to the OCPP WebSocket API to mitigate CVE-2026-25945.</li>
<li>Deploy the Sigma rule &ldquo;Detect Unauthorized OCPP Connection&rdquo; to identify potential station impersonation attempts based on CVE-2026-24731.</li>
<li>Monitor for unexpected OCPP commands being issued from charging stations that are not aligned with normal operation to detect malicious manipulation of charging infrastructure, as described in CVE-2026-24731.</li>
<li>Contact EV2GO at <a href="https://ev2go.io/">https://ev2go.io/</a> for information on patching or mitigating these vulnerabilities.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>ev2go</category><category>charging-station</category><category>vulnerability</category><category>denial-of-service</category></item><item><title>Multiple Vulnerabilities in EV Energy ev.energy Charging Stations</title><link>https://feed.craftedsignal.io/briefs/2026-02-ev-energy-vulns/</link><pubDate>Thu, 26 Feb 2026 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-02-ev-energy-vulns/</guid><description>Multiple vulnerabilities exist in EV Energy ev.energy that could allow an attacker to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.</description><content:encoded><![CDATA[<p>Multiple vulnerabilities have been identified in EV Energy ev.energy charging stations, potentially allowing attackers to gain unauthorized administrative control or disrupt charging services. The vulnerabilities, detailed in CISA ICS Advisory ICSA-26-057-07, affect all versions of ev.energy. These vulnerabilities include missing authentication for critical functions (CVE-2026-27772), improper restriction of excessive authentication attempts (CVE-2026-24445), insufficient session expiration (CVE-2026-26290), and insufficiently protected credentials (CVE-2026-25774). Successful exploitation could lead to privilege escalation, unauthorized control of charging infrastructure, and denial-of-service conditions. The affected sectors include Energy and Transportation Systems, with worldwide deployment. The vendor, EV Energy, has not responded to CISA&rsquo;s request for coordination.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Reconnaissance:</strong> An attacker identifies EV Energy ev.energy charging stations that have publicly accessible authentication identifiers via web-based mapping platforms (CVE-2026-25774).</li>
<li><strong>Unauthorized WebSocket Connection:</strong> The attacker connects to the OCPP WebSocket endpoint using a known charging station identifier without proper authentication (CVE-2026-27772).</li>
<li><strong>Session Hijacking:</strong> The attacker exploits the lack of session expiration and predictable session identifiers to hijack a legitimate charging station&rsquo;s session (CVE-2026-26290).</li>
<li><strong>Data Manipulation:</strong> The attacker issues unauthorized OCPP commands, manipulating data sent to the backend and gaining unauthorized control of the charging infrastructure (CVE-2026-27772).</li>
<li><strong>Privilege Escalation:</strong> Through unauthorized access and command execution, the attacker escalates privileges to administrative control over the charging station (CVE-2026-27772).</li>
<li><strong>Denial-of-Service:</strong> Alternatively, the attacker floods the WebSocket API with excessive authentication requests, causing a denial-of-service condition by suppressing or misrouting legitimate charger telemetry (CVE-2026-24445).</li>
<li><strong>Service Disruption:</strong> Legitimate users are unable to use the charging stations due to the attacker&rsquo;s control or the denial-of-service condition.</li>
<li><strong>Network Data Corruption:</strong> The attacker manipulates charging network data reported to the backend, potentially impacting billing or grid management systems (CVE-2026-27772).</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of these vulnerabilities can lead to significant disruptions in the Energy and Transportation Systems sectors. An attacker could gain administrative control over charging stations, manipulate charging processes, and cause denial-of-service conditions, rendering the stations unusable. The lack of vendor response further exacerbates the risk, leaving users without official patches or mitigation guidance. The compromise of charging network data could also have downstream impacts on billing and grid management systems.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Implement rate limiting on WebSocket authentication requests to mitigate CVE-2026-24445, preventing denial-of-service attacks. Monitor network traffic for excessive authentication attempts targeting OCPP WebSocket endpoints, and deploy a custom rule to detect such attempts.</li>
<li>Disable or restrict public access to web-based mapping platforms that expose charging station authentication identifiers to mitigate CVE-2026-25774. Conduct regular audits of publicly available information to identify and remove exposed credentials.</li>
<li>Deploy network segmentation and firewall rules to minimize network exposure for all charging station devices, as recommended by CISA. This will limit the attack surface and prevent unauthorized access from the Internet.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>ev.energy</category><category>charging-station</category><category>ics</category><category>vulnerability</category><category>dos</category></item></channel></rss>