EV Energy ev.energy Missing Authentication for Critical Function
Platform
other
Component
csaf
CVE-2026-27772 is a critical vulnerability affecting all versions of ev.energy's charging infrastructure software. It stems from a lack of authentication on WebSocket endpoints, allowing attackers to impersonate charging stations and manipulate data. This can result in unauthorized control of charging infrastructure and corruption of data reported to the backend, posing a significant risk to charging networks.
Impact and Attack Scenarios
The primary impact of CVE-2026-27772 is the potential for unauthorized control of charging stations. An attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier and issue commands as if they were a legitimate charger. This could involve manipulating charging rates, disconnecting vehicles prematurely, or even preventing legitimate users from accessing charging services. Furthermore, the ability to receive OCPP commands allows attackers to intercept and potentially alter data transmitted between the charging station and the backend system, leading to inaccurate billing, reporting, and potentially even the injection of malicious code. The blast radius extends to the entire charging network, as a compromised station can impact the integrity of the entire system’s data.
Exploitation Context
CVE-2026-27772 was publicly disclosed on 2026-02-27. The vulnerability's criticality (CVSS 9.4) and ease of exploitation (no authentication required) suggest a high probability of exploitation. While no public proof-of-concept (PoC) has been released as of this writing, the lack of authentication makes it a prime target for automated scanning and exploitation. It is recommended to monitor threat intelligence feeds for any indications of active campaigns targeting ev.energy infrastructure.
Who Is at Risk
Organizations deploying ev.energy charging infrastructure are at risk, particularly those with publicly accessible charging stations or those lacking robust network segmentation. Shared hosting environments where multiple charging stations share a single IP address are also at increased risk, as a compromise of one station could potentially expose others. Legacy deployments using older, unpatched versions of ev.energy are especially vulnerable.
Detection Steps
• linux / server: Monitor OCPP WebSocket traffic for connections originating from unexpected IP addresses or lacking proper authentication headers. Use tcpdump or Wireshark to capture and analyze WebSocket payloads for suspicious commands.
tcpdump -i any port 9000 -w capture.pcap
• generic web: Check for exposed OCPP WebSocket endpoints by attempting to connect to ws://<charging_station_ip>:9000/ without authentication. Analyze access logs for unusual connection patterns.
curl -v ws://<charging_station_ip>:9000/
Attack Timeline
- Disclosure
Threat Analysis
Exploit Status
EPSS
0.13% (32nd percentile)
CISA SSVC
CVSS Vector
What do these metrics mean?
- Attack Vector
- Network: remotely exploitable over the Internet. No physical or local access required.
- Attack Complexity
- Low: no special conditions required. Reliably exploitable.
- Privileges Required
- None: exploitable without authentication. No credentials required.
- User Interaction
- None: automatic and silent attack. The victim does nothing.
- Scope
- Unchanged: impact limited to the vulnerable component.
- Confidentiality
- High: complete loss of confidentiality. The attacker can read all data.
- Integrity
- High: the attacker can write, modify, or delete arbitrary data.
- Availability
- Low: partial or intermittent denial of service.
Affected Software
Vulnerability Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The immediate mitigation is to upgrade to a patched version of ev.energy as soon as it becomes available. Until then, implement strict Web Application Firewall (WAF) rules to filter unauthorized OCPP commands and restrict access to the WebSocket endpoint. Consider implementing OCPP protocol validation to ensure commands adhere to expected formats and parameters. Network segmentation can also limit the potential impact of a compromised station. Monitor WebSocket traffic for unusual activity, such as commands originating from unexpected sources or exhibiting anomalous patterns. After implementing mitigations, verify their effectiveness by attempting to connect to the WebSocket endpoint without proper authentication and confirming that access is denied.
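The traffic monitoring recommended here and in the detection steps can be run over proxy access logs. This is an added example, not ev.energy code: the log format, the /ocpp/<station-id> path layout, the auth= field and the station inventory are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed inventory: station identity -> network it is expected to connect from.
EXPECTED = {
    "CP-0001": ip_network("10.20.0.0/24"),
    "CP-0002": ip_network("10.20.1.0/24"),
}

# Constructed sample of access-log records (hypothetical format).
SAMPLE_LOG = """\
2026-03-01T08:00:01Z 10.20.0.15 GET /ocpp/CP-0001 101 upgrade=websocket auth=basic
2026-03-01T08:00:05Z 10.20.1.22 GET /ocpp/CP-0002 101 upgrade=websocket auth=basic
2026-03-01T08:03:40Z 203.0.113.7 GET /ocpp/CP-0001 101 upgrade=websocket auth=-
2026-03-01T08:04:02Z 203.0.113.7 GET /ocpp/CP-0999 101 upgrade=websocket auth=-
2026-03-01T08:05:11Z 10.20.1.22 GET /healthz 200 upgrade=- auth=-
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) GET /ocpp/(?P<station>[^/\s?]+) "
    r"(?P<status>\d{3}) upgrade=websocket auth=(?P<auth>\S+)$"
)

def find_suspicious(log_text, expected=EXPECTED):
    """Return (timestamp, station, ip, reasons) for accepted upgrades that look wrong."""
    findings = []
    sources = defaultdict(set)          # station id -> source IPs seen so far
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["status"] != "101":   # only handshakes the server accepted
            continue
        station, ip = m["station"], ip_address(m["ip"])
        reasons = []
        if m["auth"] == "-":
            reasons.append("no Authorization header")
        net = expected.get(station)
        if net is None:
            reasons.append("unknown station id")
        elif ip not in net:
            reasons.append("unexpected source network")
        sources[station].add(ip)
        if len(sources[station]) > 1:       # same identity claimed from two places
            reasons.append("station id seen from multiple sources")
        if reasons:
            findings.append((m["ts"], station, str(ip), reasons))
    return findings
```
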
How to Fix
Implement robust authentication mechanisms for WebSocket endpoints. Validate and authorize all requests before they are processed. Consider using digital certificates or authentication tokens to verify the identity of the chargers.
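One way to enforce this at the WebSocket handshake, shown as an added example that is not ev.energy code: the server rejects the upgrade unless HTTP Basic credentials are present and bound to the station identity in the URL. The /ocpp/<station-id> path, the credential store and its sample key are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

def _derive(key: bytes, salt: bytes) -> bytes:
    # Store only a salted derivation of each station key, never the key itself.
    return hashlib.pbkdf2_hmac("sha256", key, salt, 100_000)

# Constructed credential store: station id -> (salt, derived key).
STATIONS = {
    "CP-0001": (b"salt-cp-0001", _derive(b"constructed-key-0001", b"salt-cp-0001")),
}

def authorize_handshake(path, headers, stations=STATIONS):
    """Decide on a WebSocket upgrade before any OCPP message is processed.

    Returns (http_status, station_id); anything other than 101 means reject.
    """
    station_id = path.rstrip("/").rsplit("/", 1)[-1]
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not blob:
        return 401, None                    # no credentials: never accept
    try:
        user, sep, password = base64.b64decode(blob, validate=True).partition(b":")
    except (binascii.Error, ValueError):
        return 401, None
    if not sep:
        return 401, None
    # Bind the credential to the identity claimed in the URL, so a valid key
    # for one station cannot be used to speak as another.
    if user != station_id.encode():
        return 403, None
    record = stations.get(station_id)
    # Derive against a dummy record for unknown ids to keep timing uniform.
    salt, stored = record if record else (b"dummy-salt", b"\x00" * 32)
    ok = hmac.compare_digest(_derive(password, salt), stored)
    if record is None or not ok:
        return 401, None
    return 101, station_id
```
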
Frequently Asked Questions
What is CVE-2026-27772 — WebSocket Impersonation in ev.energy?
CVE-2026-27772 is a critical vulnerability in ev.energy's charging infrastructure that allows unauthenticated attackers to impersonate charging stations and manipulate data via WebSocket endpoints, potentially leading to unauthorized control and data corruption.
Am I affected by CVE-2026-27772 in ev.energy?
Yes, all versions of ev.energy are affected by this vulnerability. If you are using ev.energy charging infrastructure, you are potentially at risk.
How do I fix CVE-2026-27772 in ev.energy?
The primary fix is to upgrade to a patched version of ev.energy as soon as it becomes available. Until then, implement WAF rules and OCPP protocol validation as interim mitigations.
Is CVE-2026-27772 being actively exploited?
While no public exploits are currently known, the vulnerability's criticality and ease of exploitation suggest a high probability of exploitation. Monitor threat intelligence feeds for any indications of active campaigns.
Where can I find the official ev.energy advisory for CVE-2026-27772?
Please refer to the official ev.energy security advisory for detailed information and updates regarding CVE-2026-27772.