{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/electric-vehicle/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["electric-vehicle","charging-station","websocket"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSWITCH EV\u0026rsquo;s swtchenergy.com charging stations are affected by multiple vulnerabilities that could allow attackers to gain unauthorized access and disrupt services. These vulnerabilities include missing authentication mechanisms, lack of rate limiting on authentication requests, predictable session identifiers, and publicly accessible authentication identifiers. Successful exploitation could lead to station impersonation, session hijacking, denial-of-service attacks, and manipulation of backend data. The affected product is swtchenergy.com versions all/*. The vendor did not respond to CISA\u0026rsquo;s request for coordination. 
The charging stations are deployed worldwide in the energy and transportation sectors.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a charging station ID via public mapping platforms (CVE-2026-27773).\u003c/li\u003e\n\u003cli\u003eAttacker connects to the OCPP WebSocket endpoint of the charging station using the discovered ID (CVE-2026-27767).\u003c/li\u003e\n\u003cli\u003eBecause no authentication is required, the attacker impersonates the charging station.\u003c/li\u003e\n\u003cli\u003eAttacker sends malicious commands to the backend, potentially manipulating charging parameters or data (CVE-2026-27767).\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker floods the authentication endpoint with requests, causing a denial-of-service condition by overwhelming the backend (CVE-2026-25113).\u003c/li\u003e\n\u003cli\u003eAttacker hijacks a legitimate session by establishing a new connection using the same session identifier (CVE-2026-25778).\u003c/li\u003e\n\u003cli\u003eThe legitimate charging station is disconnected, and the attacker receives backend commands intended for the legitimate station.\u003c/li\u003e\n\u003cli\u003eAttacker manipulates charging station behavior or data, causing disruption or financial loss.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could have significant consequences. Attackers could impersonate charging stations, hijack sessions, suppress or misroute traffic to cause large-scale denial-of-service attacks, and manipulate data sent to the backend. This could lead to widespread disruption of EV charging services, financial losses for charging station operators and users, and potential damage to the electrical grid. 
Given the global deployment of these charging stations in the energy and transportation sectors, the impact could be widespread.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network connections to OCPP WebSocket endpoints for connections without proper authentication to detect potential station impersonation attempts related to CVE-2026-27767.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on authentication requests to the WebSocket API to mitigate denial-of-service attacks as described in CVE-2026-25113.\u003c/li\u003e\n\u003cli\u003eMonitor for multiple connections using the same session identifier to detect potential session hijacking attempts related to CVE-2026-25778.\u003c/li\u003e\n\u003cli\u003eMonitor for access to swtchenergy.com from unusual or unexpected geolocations.\u003c/li\u003e\n\u003cli\u003eConsult SWITCH EV (swtchenergy.com) for potential mitigations or workarounds, as they did not respond to CISA\u0026rsquo;s request for coordination.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-02-27T12:00:00Z","date_published":"2026-02-27T12:00:00Z","id":"/briefs/2026-02-switch-ev-vulns/","summary":"Multiple vulnerabilities in SWITCH EV swtchenergy.com charging stations could allow attackers to impersonate stations, hijack sessions, cause denial of service, and manipulate backend data due to missing authentication, rate limiting issues, session expiration flaws, and exposed credentials.","title":"Multiple Vulnerabilities in SWITCH EV Charging Stations","url":"https://feed.craftedsignal.io/briefs/2026-02-switch-ev-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Electric-Vehicle","version":"https://jsonfeed.org/version/1.1"}