Platform: other
Component: csaf
CVE-2026-25192 describes a critical vulnerability in Chargeportal, allowing unauthorized station impersonation. Attackers can exploit this flaw to manipulate data sent to the backend, potentially leading to significant disruption and data corruption within charging networks. This vulnerability affects all versions of Chargeportal and requires immediate attention to mitigate the risk.
The primary impact of CVE-2026-25192 is the ability for an unauthenticated attacker to connect to the OCPP WebSocket endpoint. By leveraging a known or discovered charging station identifier, the attacker can then issue and receive OCPP commands as if they were a legitimate charging station. This effectively grants them unauthorized control over the charging infrastructure. The consequences are severe: attackers could manipulate charging sessions, alter billing data, disrupt charging operations, and potentially compromise the integrity of the entire charging network. The lack of authentication makes this vulnerability particularly dangerous, as it bypasses standard security controls and allows for easy exploitation.
CVE-2026-25192 was publicly disclosed on 2026-03-20. Its CVSS score of 9.4 (CRITICAL) reflects the severity of the flaw. There are currently no known public proof-of-concept exploits, but the ease of exploitation makes it likely that such exploits will emerge. It is not currently listed in the CISA KEV catalog.
Organizations deploying Chargeportal in environments with limited network segmentation are particularly at risk. Shared hosting environments where multiple charging stations share the same Chargeportal instance are also vulnerable, as an attacker compromising one station could potentially gain access to others. Legacy Chargeportal deployments with outdated configurations and inadequate security controls are also at heightened risk.
• other / supply-chain: Monitor network traffic for unauthorized connections to the OCPP WebSocket endpoint. Examine Chargeportal logs for suspicious activity, particularly connections from unknown IP addresses or using unusual charging station identifiers.
# Example: monitor for connections to the OCPP WebSocket port (typically 9000).
# -l line-buffers the output for the pipe; -A prints packet payloads so grep has text to match on.
sudo tcpdump -i any -l -A port 9000 | grep -i 'chargeportal'

Disclosure: 2026-03-20
Exploit status: no known public proof-of-concept exploits
EPSS: 0.16% (36th percentile)
CISA SSVC
CVSS vector
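Added example (not from this advisory and not Chargeportal's own code): a small Python audit over constructed OCPP WebSocket connection log lines that flags the signals the detection guidance above names, an unregistered station identifier, a registered identifier arriving from outside its expected network, and one identifier used from more than one source. The log line format, the `ws-connect` event name and the station registry are assumptions.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample log lines (assumed format, not real Chargeportal output).
SAMPLE_LOG = """\
2026-03-21T08:12:03Z ws-connect src=10.0.5.17 path=/ocpp/CP-0001
2026-03-21T08:12:09Z ws-connect src=10.0.5.18 path=/ocpp/CP-0002
2026-03-21T08:13:40Z ws-connect src=203.0.113.9 path=/ocpp/CP-0001
2026-03-21T08:14:02Z ws-connect src=203.0.113.9 path=/ocpp/CP-9999
"""

# Hypothetical station registry: identifier -> network the station is expected to connect from.
STATION_REGISTRY = {
    "CP-0001": ipaddress.ip_network("10.0.5.0/24"),
    "CP-0002": ipaddress.ip_network("10.0.5.0/24"),
}

# The station identifier is taken from the WebSocket path, as in /ocpp/<identifier>.
LINE_RE = re.compile(r"^(?P<ts>\S+) ws-connect src=(?P<src>\S+) path=/ocpp/(?P<cp>[^/\s]+)$")


def audit_ocpp_connections(log_text, registry=STATION_REGISTRY):
    """Return (reason, timestamp, src, station_id) tuples for suspicious WebSocket connects."""
    alerts = []
    seen_sources = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a connection event; ignore
        ts, src, cp = m["ts"], m["src"], m["cp"]
        expected = registry.get(cp)
        if expected is None:
            alerts.append(("unknown-station-id", ts, src, cp))
            continue
        if ipaddress.ip_address(src) not in expected:
            alerts.append(("source-outside-expected-network", ts, src, cp))
        seen_sources[cp].add(src)
        if len(seen_sources[cp]) > 1:
            # the same identifier presented from two sources is the impersonation signal
            alerts.append(("station-id-from-multiple-sources", ts, src, cp))
    return alerts


if __name__ == "__main__":
    for alert in audit_ocpp_connections(SAMPLE_LOG):
        print(*alert)
```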
The primary mitigation for CVE-2026-25192 is to upgrade to a patched version of Chargeportal as soon as it becomes available. Until a patch is deployed, implement immediate workarounds to limit the potential impact. Network segmentation is crucial; isolate the Chargeportal server from other critical systems to limit lateral movement. Strict firewall rules should be enforced to restrict access to the OCPP WebSocket endpoint, allowing only authorized connections from known and trusted sources. Consider implementing rate limiting on the WebSocket endpoint to mitigate potential denial-of-service attacks. After applying any mitigations, verify functionality by attempting to connect to the OCPP WebSocket endpoint with an unauthorized identifier and confirming that access is denied.
Implementing robust authentication mechanisms for the WebSocket endpoints is recommended. Upgrading to the latest software version provided by the vendor, once it is available, is crucial. In addition, the charging infrastructure should be monitored for suspicious activity.
CVE-2026-25192 is a critical vulnerability in Chargeportal that allows unauthenticated attackers to impersonate charging stations and manipulate data via WebSocket endpoints, potentially leading to privilege escalation and data corruption.
Yes, all versions of Chargeportal are affected by this vulnerability. If you are using Chargeportal, you are at risk until you upgrade to a patched version or implement mitigating controls.
The primary fix is to upgrade to a patched version of Chargeportal as soon as it becomes available. Until then, implement network segmentation and strict firewall rules.
While there are no known public exploits currently, the ease of exploitation suggests a high likelihood of exploitation in the near future.
Please refer to the Chargeportal vendor website and security advisories for the latest information and official guidance regarding CVE-2026-25192.