CISA

Hydro-Québec Le Circuit Electrique charging station backend

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack.

The following versions of Hydro-Québec Le Circuit Electrique charging station backend are affected:

Le Circuit Electrique charging station backend

Vendor

Equipment

Hydro-Québec

Hydro-Québec Le Circuit Electrique charging station backend

Improper Access Control, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration

Critical Infrastructure Sectors: Transportation Systems

Countries/Areas Deployed: Canada

Company Headquarters Location: Canada

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation.

Hydro-Québec Le Circuit Electrique charging station backend