Platform: other
Component: csaf
CVE-2026-27767 describes a critical vulnerability in swtchenergy.com's WebSocket endpoints. The lack of authentication allows attackers to impersonate charging stations and manipulate data intended for the backend systems. This vulnerability affects all versions of the product and poses a significant risk to charging infrastructure. Mitigation strategies involve implementing robust authentication and access controls.
The primary impact of CVE-2026-27767 is the potential for unauthorized control of charging infrastructure. An attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier and issue commands as if they were a legitimate charger. This could involve manipulating charging rates, disconnecting vehicles prematurely, or even causing physical damage to the charging equipment. Furthermore, the attacker can intercept and modify data sent to the backend, potentially corrupting charging network data and leading to inaccurate billing or reporting. The blast radius extends to the entire charging network managed by swtchenergy.com, as a single compromised station could be used to launch attacks against others.
CVE-2026-27767 was publicly disclosed on 2026-02-26. The CVSS score of 9.4 (CRITICAL) indicates a high probability of exploitation. There are currently no known public proof-of-concept exploits, but the ease of exploitation due to the lack of authentication suggests that one could be developed quickly. The vulnerability is not currently listed on CISA KEV, but given its criticality, it may be added in the future. Active campaigns targeting charging infrastructure are a growing concern, making this vulnerability a high priority for remediation.
Organizations utilizing swtchenergy.com for managing their charging infrastructure are at risk. This includes electric vehicle charging network operators, fleet management companies, and businesses with on-site charging stations. Specifically, deployments relying on default configurations or lacking robust network segmentation are particularly vulnerable.
• linux / server:
journalctl -u swtchenergy.com -g "WebSocket connection"
• generic web:
curl -I https://swtchenergy.com/ocpp/websocket
• database (redis):
INFO
• windows / supply-chain:
Get-Process -Name swtchenergy.com
EPSS: 0.13% (percentile 32%)
The immediate mitigation for CVE-2026-27767 is to implement robust authentication mechanisms on the WebSocket endpoints. This should involve verifying the identity of each charging station before allowing it to send or receive OCPP commands. As an interim measure, a Web Application Firewall (WAF) or proxy can be configured to restrict access to the WebSocket endpoint based on known or suspicious IP addresses or charging station identifiers. Additionally, carefully review and audit all OCPP commands being processed to detect any anomalies or unauthorized activity. After implementing authentication, confirm by attempting to connect to the WebSocket endpoint without proper credentials and verifying that access is denied.
Implement robust authentication mechanisms for the OCPP WebSocket endpoints. Ensure that each charging station authenticates properly before it is allowed to send or receive commands. Consider using digital certificates or authentication tokens to verify the identity of charging stations.
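One way to implement the authentication gate described in the mitigation above, as an added example (not code from the advisory or from swtchenergy.com). It assumes the station identifier is the path segment after /ocpp/, that stations present HTTP Basic credentials whose username equals that identifier, and that header names arrive in canonical case; the credential store and secret are constructed sample values.

```python
import base64
import hashlib
import hmac


def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


# Constructed sample store: station ID -> (salt, PBKDF2 hash of its secret).
STATIONS = {
    "CP-0001": (b"constructed-salt", _hash("constructed-station-secret", b"constructed-salt")),
}


def authorize_upgrade(path: str, headers: dict) -> tuple[int, str]:
    """Decide whether a WebSocket upgrade for /ocpp/<station_id> may proceed.

    Returns (HTTP status, reason); only 101 lets the handshake continue.
    """
    prefix = "/ocpp/"  # assumed endpoint layout
    station_id = path[len(prefix):] if path.startswith(prefix) else ""
    if not station_id:
        return 404, "unknown endpoint"

    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not blob:
        return 401, "missing credentials"
    try:
        decoded = base64.b64decode(blob, validate=True).decode()
    except ValueError:  # covers bad base64 and bad UTF-8
        return 401, "malformed credentials"
    user, sep, secret = decoded.partition(":")
    if not sep:
        return 401, "malformed credentials"

    # The identity in the URL must be the identity that authenticated;
    # otherwise one valid station could speak as any other.
    if user != station_id:
        return 403, "identity mismatch"

    salt, expected = STATIONS.get(station_id, (b"unknown", b""))
    # Hash even for unknown IDs and compare in constant time, so the
    # response does not reveal which station identifiers exist.
    supplied = _hash(secret, salt)
    if not expected or not hmac.compare_digest(supplied, expected):
        return 401, "bad credentials"
    return 101, "switching protocols"
```

Calling `authorize_upgrade` with an empty header dict is the "connect without credentials and verify that access is denied" check from the mitigation text.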
CVE-2026-27767 is a critical vulnerability affecting all versions of swtchenergy.com, allowing attackers to impersonate charging stations due to missing authentication on WebSocket endpoints, potentially leading to infrastructure control and data corruption.
Yes, if you are using any version of swtchenergy.com, you are potentially affected by this vulnerability as it impacts all versions due to the lack of authentication.
The primary fix is to implement robust authentication mechanisms on the WebSocket endpoints. As an interim measure, configure a WAF to restrict access.
While no public exploits are currently known, the ease of exploitation suggests a high probability of exploitation and warrants immediate attention.
Please refer to the swtchenergy.com security advisories page for the latest information and official guidance regarding CVE-2026-27767.