CP
cyberpings
VulnerabilitiesCRITICAL

Critical Flaws in Everon OCPP Backends Expose Charging Stations

CICISA Advisories19h ago2 min read
EveronOCPPCVE-2026-26288CVE-2026-24696CVE-2026-20748
🎯

Basically, hackers can control electric car chargers due to security flaws.

Quick Summary

Everon OCPP Backends face critical vulnerabilities that allow hackers to control charging stations. This affects electric vehicle users worldwide, risking service disruptions. Everon has announced a platform shutdown to mitigate these issues.

What Happened

Imagine plugging in your electric car only to find that someone else has taken control of the charging station. This alarming scenario is now a reality for users of Everon OCPP? Backends, which manage electric vehicle charging stations worldwide. Four critical vulnerabilities have been discovered that allow attackers to gain unauthorized access and disrupt services.

The vulnerabilities stem from issues like missing authentication? and insufficient session management. For instance, attackers can impersonate legitimate charging stations, manipulate data, or even conduct denial-of-service attacks?. This means they can overwhelm the system, preventing legitimate users from charging their vehicles.

Why Should You Care

If you own an electric vehicle or rely on public charging stations, this news directly impacts you. Imagine arriving at a charging station only to find it offline or malfunctioning due to a cyberattack. Your ability to charge your vehicle could be compromised, leading to frustration and inconvenience.

Moreover, these vulnerabilities can affect the broader energy infrastructure. As electric vehicles become more common, the security of charging stations is crucial for a smooth transition to sustainable transportation. If hackers can disrupt these services, it could undermine public trust in electric vehicles and the entire charging ecosystem.

What's Being Done

In response to these vulnerabilities, Everon has taken the drastic step of shutting down their platform, effective December 1st, 2025. This move aims to protect users from potential exploitation. However, if you are currently using Everon OCPP? Backends, here’s what you should do:

  • Stop using affected charging stations immediately.
  • Monitor for updates from Everon regarding the situation.
  • Consider alternative charging solutions until the vulnerabilities are addressed.

Experts are closely monitoring the situation to see if attackers will exploit these vulnerabilities before the shutdown. The focus will be on how quickly Everon can implement fixes and restore user confidence in their services.

💡 Tap dotted terms for explanations

🔒 Pro insight: The vulnerabilities highlight a significant gap in IoT security for critical infrastructure, necessitating immediate attention from stakeholders.

Original article from

CISA Advisories · CISA

Read Full Article

Share

Related Pings

HIGHVulnerabilities

HttpOnly Cookies at Risk from New 'Cookie Sandwich' Technique

A new technique called 'cookie sandwich' can steal secure cookies from websites. This affects users relying on HttpOnly flags for protection. Stay informed and ensure your online security measures are up to date.

PortSwigger Research·37m ago·2m
HIGHVulnerabilities

Exploitation Alert: Gladinet Vulnerability Targets Cryptography

A vulnerability in Gladinet's CentreStack and Triofox software is being actively exploited. Users are at risk of data breaches due to hardcoded cryptographic keys. Gladinet is working on a fix, but immediate action is needed to secure your systems.

Huntress Blog·37m ago·2m
HIGHVulnerabilities

XSS Vulnerability Found in RPi-Jukebox-RFID 2.8.0

A serious XSS vulnerability has been found in RPi-Jukebox-RFID 2.8.0. Users are at risk of attackers injecting harmful scripts. Update your software immediately to protect your device and data.

Exploit-DB·37m ago·2m
HIGHVulnerabilities

Hacked Construction Apps Threaten Jobsite Security

Hacked construction apps are exposing job sites to security risks. This affects contractors and workers alike, leading to potential project delays and safety issues. Stay updated on software patches and security measures to protect your projects.

Huntress Blog·37m ago·2m
HIGHVulnerabilities

URL Validation Bypass Cheat Sheet Gets Powerful New Payloads

A new update to the URL Validation Bypass Cheat Sheet introduces powerful payloads for web security experts. This matters because weak URL validations can lead to serious security breaches. Stay informed and protect your online activities!

PortSwigger Research·37m ago·2m
HIGHVulnerabilities

Windows 10 Faces Spoofing Vulnerability Risk

A spoofing vulnerability has been found in Windows 10 version 10.0.17763.7009. This flaw could allow attackers to impersonate legitimate users, risking your sensitive information. Microsoft is working on a patch, so stay alert and update your system when available.

Exploit-DB·37m ago·2m