{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/ev.energy/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["ev.energy","charging-station","ics","vulnerability","dos"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eMultiple vulnerabilities have been identified in EV Energy ev.energy charging stations, potentially allowing attackers to gain unauthorized administrative control or disrupt charging services. The vulnerabilities, detailed in CISA ICS Advisory ICSA-26-057-07, affect all versions of ev.energy. These vulnerabilities include missing authentication for critical functions (CVE-2026-27772), improper restriction of excessive authentication attempts (CVE-2026-24445), insufficient session expiration (CVE-2026-26290), and insufficiently protected credentials (CVE-2026-25774). Successful exploitation could lead to privilege escalation, unauthorized control of charging infrastructure, and denial-of-service conditions. The affected sectors include Energy and Transportation Systems, with worldwide deployment. The vendor, EV Energy, has not responded to CISA\u0026rsquo;s request for coordination.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eReconnaissance:\u003c/strong\u003e An attacker identifies EV Energy ev.energy charging stations that have publicly accessible authentication identifiers via web-based mapping platforms (CVE-2026-25774).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnauthorized WebSocket Connection:\u003c/strong\u003e The attacker connects to the OCPP WebSocket endpoint using a known charging station identifier without proper authentication (CVE-2026-27772).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSession Hijacking:\u003c/strong\u003e The attacker exploits the lack of session expiration and predictable session identifiers to hijack a legitimate charging station\u0026rsquo;s session (CVE-2026-26290).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Manipulation:\u003c/strong\u003e The attacker issues unauthorized OCPP commands, manipulating data sent to the backend and gaining unauthorized control of the charging infrastructure (CVE-2026-27772).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation:\u003c/strong\u003e Through unauthorized access and command execution, the attacker escalates privileges to administrative control over the charging station (CVE-2026-27772).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDenial-of-Service:\u003c/strong\u003e Alternatively, the attacker floods the WebSocket API with excessive authentication requests, causing a denial-of-service condition by suppressing or misrouting legitimate charger telemetry (CVE-2026-24445).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eService Disruption:\u003c/strong\u003e Legitimate users are unable to use the charging stations due to the attacker\u0026rsquo;s control or the denial-of-service condition.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNetwork Data Corruption:\u003c/strong\u003e The attacker manipulates charging network data reported to the backend, potentially impacting billing or grid management systems (CVE-2026-27772).\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can lead to significant disruptions in the Energy and Transportation Systems sectors. An attacker could gain administrative control over charging stations, manipulate charging processes, and cause denial-of-service conditions, rendering the stations unusable. The lack of vendor response further exacerbates the risk, leaving users without official patches or mitigation guidance. The compromise of charging network data could also have downstream impacts on billing and grid management systems.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement rate limiting on WebSocket authentication requests to mitigate CVE-2026-24445, preventing denial-of-service attacks. Monitor network traffic for excessive authentication attempts targeting OCPP WebSocket endpoints, and deploy a custom rule to detect such attempts.\u003c/li\u003e\n\u003cli\u003eDisable or restrict public access to web-based mapping platforms that expose charging station authentication identifiers to mitigate CVE-2026-25774. Conduct regular audits of publicly available information to identify and remove exposed credentials.\u003c/li\u003e\n\u003cli\u003eDeploy network segmentation and firewall rules to minimize network exposure for all charging station devices, as recommended by CISA. This will limit the attack surface and prevent unauthorized access from the Internet.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-02-26T12:00:00Z","date_published":"2026-02-26T12:00:00Z","id":"/briefs/2026-02-ev-energy-vulns/","summary":"Multiple vulnerabilities exist in EV Energy ev.energy that could allow an attacker to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.","title":"Multiple Vulnerabilities in EV Energy ev.energy Charging Stations","url":"https://feed.craftedsignal.io/briefs/2026-02-ev-energy-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Ev.energy","version":"https://jsonfeed.org/version/1.1"}