Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.
The following versions of EVoke Systems Charging Station Management System are affected:
EVoke CSMS vers:all/*
Vendor: EVoke Systems
Equipment: EVoke Systems Charging Station Management System
Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials
Critical Infrastructure Sectors: Energy, Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness...
Read the full advisory on CISA →