This vulnerability occurs when the system permits multiple simultaneous
connections to the backend using the same charging station ID. This can
result in unauthorized access, data inconsistency, or potential
manipulation of charging sessions. The lack of proper session management
and expiration control allows attackers to exploit this weakness by
reusing valid charging station IDs to establish multiple sessions
concurrently.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-01-22
This vulnerability arises because there are no limitations on the number
of authentication attempts a user can make. An attacker can exploit
this weakness by continuously sending authentication requests, leading
to a denial-of-service (DoS) condition. This can overwhelm the
authentication system, rendering it unavailable to legitimate users and
potentially causing service disruption. This can also allow attackers to
conduct brute-force attacks to gain unauthorized access.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-01-22
This vulnerability occurs when a WebSocket endpoint does not enforce
proper authentication mechanisms, allowing unauthorized users to
establish connections. As a result, attackers can exploit this weakness
to gain unauthorized access to sensitive data or perform unauthorized
actions. Given that no authentication is required, this can lead to
privilege escalation and potentially compromise the security of the
entire system.
CVSS Score
9.4
EPSS Score
0.001
Published
2026-01-22