{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/ev-charging/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve","ev-charging","out-of-bounds","denial-of-service"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eEVerest is an EV charging software stack used for managing electric vehicle charging infrastructure. Versions prior to 2026.02.0 are vulnerable to an out-of-bounds access issue (CVE-2026-26008) that can be triggered remotely. The vulnerability stems from how the Central System Management System (CSMS) handles the \u003ccode\u003eUpdateAllowedEnergyTransferModes\u003c/code\u003e message over the network. Successful exploitation can lead to a crash of the EVerest software or memory corruption, potentially disrupting EV…\u003c/p\u003e\n","date_modified":"2026-03-27T12:00:00Z","date_published":"2026-03-27T12:00:00Z","id":"/briefs/2026-03-everest-oob/","summary":"EVerest, an EV charging software stack, has an out-of-bounds access vulnerability in versions prior to 2026.02.0, which can lead to remote crash or memory corruption when the CSMS sends UpdateAllowedEnergyTransferModes over the network.","title":"EVerest Out-of-Bounds Access Vulnerability (CVE-2026-26008)","url":"https://feed.craftedsignal.io/briefs/2026-03-everest-oob/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["everest","buffer-overflow","cve-2026-23995","ev-charging"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eEVerest is an open-source software stack for electric vehicle (EV) charging infrastructure. A stack-based buffer overflow vulnerability, tracked as CVE-2026-23995, affects versions prior to 2026.02.0. The vulnerability stems from improper handling of CAN (Controller Area Network) interface names during initialization. Specifically, when an interface name exceeding IFNAMSIZ (16 bytes) is supplied to CAN open routines, the \u003ccode\u003eifreq.ifr_name\u003c/code\u003e buffer overflows, potentially corrupting adjacent stack…\u003c/p\u003e\n","date_modified":"2026-03-27T12:00:00Z","date_published":"2026-03-27T12:00:00Z","id":"/briefs/2026-03-everest-can-overflow/","summary":"A stack-based buffer overflow vulnerability exists in EVerest EV charging software stack versions prior to 2026.02.0. Passing an interface name longer than 16 characters to CAN open routines overflows `ifreq.ifr_name`, potentially leading to code execution.","title":"EVerest CAN Interface Stack Buffer Overflow Vulnerability (CVE-2026-23995)","url":"https://feed.craftedsignal.io/briefs/2026-03-everest-can-overflow/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-26074","data-race","ev-charging","everest"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eEVerest, an EV charging software stack, is susceptible to a data race vulnerability identified as CVE-2026-26074. This flaw affects versions prior to 2026.02.0. The vulnerability arises from concurrent access to the \u003ccode\u003eevent_queue\u003c/code\u003e, specifically a \u003ccode\u003estd::map\u0026lt;std::queue\u0026gt;\u003c/code\u003e, when a CSMS (Charging Station Management System) GetLog or UpdateFirmware request (originating from the network) coincides with an EVSE (Electric Vehicle Supply Equipment) fault event (a physical occurrence). This combination of…\u003c/p\u003e\n","date_modified":"2026-03-26T17:16:33Z","date_published":"2026-03-26T17:16:33Z","id":"/briefs/2026-03-everest-data-race/","summary":"EVerest versions prior to 2026.02.0 exhibit a data race vulnerability (CVE-2026-26074) where concurrent network requests and physical events can corrupt the event queue, leading to potential denial of service or other undefined behavior.","title":"EVerest EV Charging Stack Data Race Vulnerability (CVE-2026-26074)","url":"https://feed.craftedsignal.io/briefs/2026-03-everest-data-race/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["buffer overflow","EV charging","code execution"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eEVerest is an open-source software stack for electric vehicle (EV) charging infrastructure. Prior to version 2026.02.0, the IsoMux component contains a vulnerability related to certificate filename handling. Specifically, an off-by-one error occurs when validating the length of certificate filenames. If a filename in the certificate directory equals \u003ccode\u003eMAX_FILE_NAME_LENGTH\u003c/code\u003e (100 characters), a stack-based buffer overflow can be triggered. A malicious actor could exploit this vulnerability by creating a crafted filename, leading to the corruption of stack state and, potentially, arbitrary code execution. The vulnerability has a CVSS v3.1 score of 8.4 (HIGH). EVerest version 2026.02.0 addresses this issue with a patch.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable EVerest instance running a version prior to 2026.02.0.\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to the certificate directory of the EVerest IsoMux component. The method of access is not specified in the report.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious filename with a length of 100 characters (MAX_FILE_NAME_LENGTH).\u003c/li\u003e\n\u003cli\u003eThe attacker uploads or creates the crafted file within the certificate directory.\u003c/li\u003e\n\u003cli\u003eWhen IsoMux processes the certificate directory, the off-by-one error occurs during filename length validation.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003efile_names[idx]\u003c/code\u003e buffer overflows, overwriting adjacent stack memory.\u003c/li\u003e\n\u003cli\u003eThe overflow corrupts critical stack data, potentially including return addresses or other function parameters.\u003c/li\u003e\n\u003cli\u003eUpon function return, the corrupted return address is used, redirecting execution flow to attacker-controlled code, resulting in arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary code on the EVerest system. This could lead to a compromise of the EV charging infrastructure, potentially disrupting charging services, modifying charging parameters, or gaining unauthorized access to sensitive data related to EV charging operations. Since EVerest is used in EV charging stations, a successful attack could impact multiple charging stations, depending on the deployment architecture, leading to a widespread disruption. The number of affected installations is currently unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade EVerest to version 2026.02.0 or later to patch the vulnerability (CVE-2026-22593).\u003c/li\u003e\n\u003cli\u003eMonitor file creation events within the EVerest certificate directory for filenames with a length of 100 characters using a file_event rule.\u003c/li\u003e\n\u003cli\u003eImplement strict access controls to the certificate directory to prevent unauthorized file uploads or creation.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect potential exploitation attempts by monitoring process creations related to the Everest software.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-26T15:16:31Z","date_published":"2026-03-26T15:16:31Z","id":"/briefs/2026-03-everest-overflow/","summary":"A stack-based buffer overflow vulnerability exists in EVerest's IsoMux certificate filename handling before version 2026.02.0, potentially allowing code execution via a crafted filename.","title":"EVerest IsoMux Certificate Filename Stack-Based Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-everest-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Ev-Charging","version":"https://jsonfeed.org/version/1.1"}