Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-54479

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-25 Jun, 2026 | 20:56
Updated At-25 Jun, 2026 | 20:56
Rejected At-
Credits

EVoke Systems EVoke CSMS Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:25 Jun, 2026 | 20:56
Updated At:25 Jun, 2026 | 20:56
Rejected At:
▼CVE Numbering Authority (CNA)
EVoke Systems EVoke CSMS Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Affected Products
Vendor
EVoke
Product
EVoke CSMS
Default Status
unaffected
Versions
Affected
  • All versions (custom)
Problem Types
TypeCWE IDDescription
CWECWE-613CWE-613
Type: CWE
CWE ID: CWE-613
Description: CWE-613
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

EVoke states that as a hardware-agnostic platform supporting multiple charger Original Equipment Manufacturers OEMs, EVoke must interoperate with EVSE devices that support different OCPP security profiles depending on the firmware capabilities of the charger. EVoke CSMS currently supports all OCPP security profiles (0–3). However, the effective security configuration for a charger connection is determined by the security profile implemented in the EVSE firmware. Some legacy chargers deployed in the network support only Security Profile 0 or 1. These chargers were installed prior to the broader industry adoption of stronger authentication mechanisms defined in OCPP Security Profiles 2 and 3. EVoke is actively working with charger OEM partners to migrate supported devices to Security Profile 2 (TLS encryption with basic authentication) or Security Profile 3 (Mutual TLS authentication using client certificates). For OEMs that continue to support firmware updates, EVoke will prioritize upgrades to enable Security Profiles 2 or 3.

EVoke states that certain legacy charger models deployed on the network are no longer supported by the manufacturer (for example, chargers originally produced by EVBox). These devices cannot be upgraded to support stronger security profiles. For chargers limited to Security Profiles 0 or 1, EVoke is implementing additional server-side protections to mitigate spoofing risks. Allow-listed chargers will only be accepted from chargers whose IDs are registered in the EVoke CSMS inventory database. Unknown charger identifiers will be rejected.

Configurations
Workarounds

EVoke states that to reduce the risk of duplicate sessions, only a single active connection per charger ID will be permitted. If a second connection using the same charger ID is detected, the new connection will be rejected or the previous session will be terminated. This prevents unauthorized actors from establishing parallel sessions using spoofed charger identifiers.

EVoke states that the platform will monitor session anomalies including repeated connection attempts, unexpected IP address changes, and abnormal message patterns. Security events will be logged and flagged for operational review.

EVoke states that to address the risk of denial-of-service via repeated authentication attempts, EVoke will implement connection rate limiting at the WebSocket gateway layer. These controls will restrict excessive connection attempts from the same source and temporarily block abusive traffic patterns.

EVoke states they are developing a lifecycle policy for legacy chargers that cannot support modern OCPP security profiles. This policy will include identification of unsupported EVSE models and risk classification Migration planning with site operators where possible

Exploits
Credits
finder
Khaled Sarieddine and Mohammad Ali Sayed reported this vulnerability to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://evokesystems.com/contact-us/
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02
N/A
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json
N/A
Hyperlink: https://evokesystems.com/contact-us/
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02
Resource: N/A
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:25 Jun, 2026 | 22:17
Updated At:25 Jun, 2026 | 22:17

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-613Primaryics-cert@hq.dhs.gov
CWE ID: CWE-613
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://evokesystems.com/contact-us/ics-cert@hq.dhs.gov
N/A
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.jsonics-cert@hq.dhs.gov
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02ics-cert@hq.dhs.gov
N/A
Hyperlink: https://evokesystems.com/contact-us/
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02
Source: ics-cert@hq.dhs.gov
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

12Records found
CVE-2025-55705
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-0.30% / 21.61%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 22:32
Updated-12 Feb, 2026 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EVMAPA Insufficient Session Expiration

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration control allows attackers to exploit this weakness by reusing valid charging station IDs to establish multiple sessions concurrently.

Action-Not Available
Vendor-evmapaEVMAPA
Product-evmapaEVMAPA
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-32663
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.12%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 22:59
Updated-06 May, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IGL-Technologies eParking.fi Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Action-Not Available
Vendor-iglIGL-Technologies
Product-eparking.fieParking.fi
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-27647
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.30% / 22.02%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:23
Updated-08 Apr, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mobility46 mobility46.se Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Action-Not Available
Vendor-mobility46Mobility46
Product-mobility46.semobility46.se
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-27652
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 23.00%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 23:36
Updated-31 Mar, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CloudCharge cloudcharge.se Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Action-Not Available
Vendor-cloudchargeCloudCharge
Product-cloudcharge.secloudcharge.se
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-27764
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.29% / 21.10%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 15:07
Updated-05 May, 2026 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mobiliti e-mobi.hu Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Action-Not Available
Vendor-mvmMobiliti
Product-mobiliti_e-mobi.hue-mobi.hu
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-27649
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.33% / 24.53%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 22:46
Updated-06 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CTEK Chargeportal Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Action-Not Available
Vendor-ctekCTEK
Product-charge_portalChargeportal
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-26290
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.34% / 25.37%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:13
Updated-31 Mar, 2026 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EV Energy ev.energy Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Action-Not Available
Vendor-ev.energyEV Energy
Product-ev.energyev.energy
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-25778
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 23.00%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:02
Updated-05 Mar, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SWITCH EV swtchenergy.com Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Action-Not Available
Vendor-swtchenergySWITCH EV
Product-swtchenergy.comswtchenergy.com
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-25711
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.32% / 24.07%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 23:08
Updated-05 Mar, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Chargemap chargemap.com Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Action-Not Available
Vendor-chargemapChargemap
Product-chargemap.comchargemap.com
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-24912
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.39% / 30.39%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 23:38
Updated-06 May, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ePower epower.ie Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Action-Not Available
Vendor-epowerePower
Product-epower.ieepower.ie
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-20895
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.36% / 27.50%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 23:48
Updated-05 Mar, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EV2GO ev2go.io Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Action-Not Available
Vendor-ev2goEV2GO
Product-ev2go.ioev2go.io
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-20748
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.36%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 15:18
Updated-06 May, 2026 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Everon api.everon.io Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Action-Not Available
Vendor-everonEveron
Product-api.everon.ioapi.everon.io
CWE ID-CWE-613
Insufficient Session Expiration
Details not found