Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack.
The following versions of Hydro-Québec Le Circuit Electrique charging station backend are affected:
Le Circuit Electrique charging station backend
Vendor
Equipment
Hydro-Québec
Hydro-Québec Le Circuit Electrique charging station backend
Improper Access Control, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration
Critical Infrastructure Sectors: Transportation Systems
Countries/Areas Deployed: Canada
Company Headquarters Location: Canada
The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation.
Hydro-Québec Le Circuit Electrique charging station backend
Read the full advisory on CISA →