Everon OCPP Backends
Summary
CISA has warned of multiple vulnerabilities in Everon OCPP Backends that could allow attackers to gain unauthorized administrative control or disrupt charging services. The vulnerabilities include missing authentication for critical functions, improper restriction of authentication attempts, insufficient session expiration, and insufficiently protected credentials. The vendor has shut down the affected platform.
IFF Assessment
These vulnerabilities allow for unauthorized administrative control and disruption of critical infrastructure, posing a significant threat to defenders.
Severity
Defender Context
Defenders managing EV charging infrastructure should be aware of these vulnerabilities, even though the vendor has shut down the platform. The identified weaknesses fall in critical areas, such as authentication and session management, that are often exploited. This serves as a reminder to scrutinize similar systems for these types of flaws.