CVE-2026-22539
📋 TL;DR
This vulnerability allows unauthenticated attackers with knowledge of the OCPP v1.6 protocol to obtain information from electric vehicle chargers. It affects Thales EV charging systems that use OCPP v1.6 without proper authentication controls. The exposure could reveal charger status, configuration, and potentially operational data.
💻 Affected Systems
- Thales electric vehicle charging systems
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could map all chargers in a network, gather operational intelligence for physical attacks, or potentially manipulate charging sessions if combined with other vulnerabilities.
Likely Case
Information disclosure about charger locations, status, configurations, and potentially user data if improperly stored.
If Mitigated
Limited to protocol-level information gathering without access to sensitive user data or control functions.
🎯 Exploit Status
Exploitation involves sending standard OCPP v1.6 queries without authentication to gather information.
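To make the exchange described above concrete, the following is an added example, not code from this page, from Thales, or from the Open Charge Alliance. It frames and parses OCPP 1.6-J messages in the layout the public OCPP 1.6 JSON specification defines (CALL = 2, CALLRESULT = 3, CALLERROR = 4) and flattens the reply to a GetConfiguration call, which is the kind of information an unauthenticated peer receives when nothing checks who is asking. The sample response, its configuration values and the message id are constructed. Which side of the WebSocket the charger sits on in affected deployments, and the transport details, are not stated on this page; the example only assumes that an attacker can deliver a CALL to the charger.

```python
import json
import uuid
from typing import Dict, Optional

# OCPP 1.6-J message type identifiers (public OCPP 1.6 JSON specification).
CALL = 2        # request:  [2, "<UniqueId>", "<Action>", {payload}]
CALLRESULT = 3  # reply:    [3, "<UniqueId>", {payload}]
CALLERROR = 4   # error:    [4, "<UniqueId>", "<ErrorCode>", "<Description>", {details}]


def build_call(action: str, payload: dict, unique_id: Optional[str] = None) -> str:
    """Frame an OCPP 1.6-J CALL as the JSON text that goes over the WebSocket."""
    return json.dumps([CALL, unique_id or str(uuid.uuid4()), action, payload])


def parse_message(raw: str) -> dict:
    """Decode one OCPP 1.6-J frame; reject anything that does not match the spec layout.

    A hardened endpoint validates the frame shape like this before touching the
    payload, but shape validation is not authentication: a well-formed
    GetConfiguration from an anonymous peer is exactly what this CVE describes.
    """
    msg = json.loads(raw)
    if not isinstance(msg, list) or len(msg) < 3 or not isinstance(msg[1], str):
        raise ValueError("not an OCPP-J frame")
    msg_type, unique_id = msg[0], msg[1]
    if msg_type == CALL and len(msg) == 4:
        return {"type": "CALL", "id": unique_id, "action": msg[2], "payload": msg[3]}
    if msg_type == CALLRESULT and len(msg) == 3:
        return {"type": "CALLRESULT", "id": unique_id, "payload": msg[2]}
    if msg_type == CALLERROR and len(msg) == 5:
        return {"type": "CALLERROR", "id": unique_id, "code": msg[2],
                "description": msg[3], "details": msg[4]}
    raise ValueError("malformed frame for message type %r" % (msg_type,))


def disclosed_keys(call_result: dict) -> Dict[str, str]:
    """Flatten a GetConfiguration.conf payload into {key: value}: what the caller learns."""
    return {entry["key"]: entry.get("value", "")
            for entry in call_result["payload"].get("configurationKey", [])}


# Constructed sample: a charger's answer to GetConfiguration. The key names are
# standard OCPP 1.6 configuration keys; the values and the id are made up.
SAMPLE_RESPONSE = json.dumps([
    CALLRESULT, "19223201",
    {"configurationKey": [
        {"key": "HeartbeatInterval", "readonly": False, "value": "300"},
        {"key": "AuthorizeRemoteTxRequests", "readonly": False, "value": "false"},
        {"key": "LocalAuthListEnabled", "readonly": False, "value": "true"},
    ], "unknownKey": []},
])

if __name__ == "__main__":
    request = build_call("GetConfiguration", {}, unique_id="19223201")
    print("CALL      :", request)
    reply = parse_message(SAMPLE_RESPONSE)
    print("CALLRESULT:", disclosed_keys(reply))
```

An empty GetConfiguration payload asks for every configuration key, so the reply is the charger's full runtime configuration; that is why the TL;DR lists configuration among the disclosed data even though the call itself is a read-only query.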
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified
Vendor Advisory: https://cds.thalesgroup.com/en
Restart Required: No
Instructions:
1. Consult the Thales advisory for guidance specific to your product and firmware.
2. Require authentication for every OCPP v1.6 session (for example, per-charge-point HTTP Basic credentials on the WebSocket handshake over TLS, as defined in the OCPP 1.6 security profiles) so that unauthenticated queries are rejected before any payload is processed.
3. Configure network access controls so that OCPP traffic is exchanged only with authorized management systems.
🔧 Temporary Workarounds
Network Segmentation
Isolate EV charging systems from untrusted networks
Firewall Rules
Restrict OCPP protocol access to authorized management systems only
🧯 If You Can't Patch
- Implement network-level authentication or VPN for OCPP communications
- Monitor OCPP traffic for unauthorized access attempts
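The authentication and access-control steps in the Official Fix and the workarounds above can be enforced at the WebSocket handshake, before any OCPP message is read. The following is an added example (not Thales code, and not the page's own) of that gate: it checks the client address against a management-network allowlist and requires HTTP Basic credentials on the upgrade request, the pattern the OCPP 1.6 Security Whitepaper uses for its basic security profile (charge point identity as username). The credentials, the allowlist, the request samples and the `/ocpp/<identity>` path are constructed for the example; how your charger or CSMS actually terminates WebSocket connections is not stated on this page.

```python
import base64
import hmac
import ipaddress
from typing import Dict, Tuple

# Constructed policy for the example: one charge point identity with its Basic
# credential, and the network the management systems live in.
CREDENTIALS: Dict[str, bytes] = {"CP001": b"s3cret-example-only"}
ALLOWED_NETS = [ipaddress.ip_network("10.10.0.0/24")]


def parse_upgrade_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.1 request head into (method, path, lowercase header dict)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii", errors="replace")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def check_basic_auth(headers: Dict[str, str], credentials: Dict[str, bytes]) -> bool:
    """Validate 'Authorization: Basic base64(identity:password)'."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return False
    try:
        user, _, password = base64.b64decode(token, validate=True).partition(b":")
    except ValueError:            # binascii.Error is a ValueError subclass
        return False
    expected = credentials.get(user.decode("utf-8", errors="replace"))
    # Constant-time compare, against a dummy when the identity is unknown, so
    # response timing does not reveal which charge point identities exist.
    ok = hmac.compare_digest(password, expected if expected is not None else b"\x00" * 32)
    return ok and expected is not None


def authorize_upgrade(raw: bytes, client_ip: str) -> Tuple[int, str]:
    """Decide the HTTP status to answer an incoming OCPP WebSocket upgrade with.

    403  source address outside the management allowlist (network control)
    400  not a WebSocket upgrade for the ocpp1.6 subprotocol
    401  missing or wrong HTTP Basic credentials (authentication control)
    101  all checks passed; the OCPP session may start
    """
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in net for net in ALLOWED_NETS):
        return 403, "source not in OCPP management allowlist"
    method, _path, headers = parse_upgrade_request(raw)
    offered = [p.strip() for p in headers.get("sec-websocket-protocol", "").split(",")]
    if method != "GET" or headers.get("upgrade", "").lower() != "websocket" or "ocpp1.6" not in offered:
        return 400, "not an OCPP 1.6 WebSocket upgrade"
    if not check_basic_auth(headers, CREDENTIALS):
        return 401, "authentication required"
    return 101, "Switching Protocols"


# Constructed upgrade requests: with valid credentials, with none, and with a wrong password.
_BASE = (b"GET /ocpp/CP001 HTTP/1.1\r\nHost: csms.example\r\nUpgrade: websocket\r\n"
         b"Connection: Upgrade\r\nSec-WebSocket-Protocol: ocpp1.6\r\n")
GOOD = _BASE + b"Authorization: Basic " + base64.b64encode(b"CP001:s3cret-example-only") + b"\r\n\r\n"
ANON = _BASE + b"\r\n"
BAD_PASSWORD = _BASE + b"Authorization: Basic " + base64.b64encode(b"CP001:wrong") + b"\r\n\r\n"

if __name__ == "__main__":
    for label, req, ip in [("valid", GOOD, "10.10.0.5"), ("anonymous", ANON, "10.10.0.5"),
                           ("bad password", BAD_PASSWORD, "10.10.0.5"), ("outside net", GOOD, "192.0.2.7")]:
        print(f"{label:13s} from {ip:11s} -> {authorize_upgrade(req, ip)}")
```

The anonymous request is refused with 401 before a single OCPP frame is parsed, which is the state the Verify Fix Applied step below expects; the network check runs first so that an attacker outside the management network never reaches the credential check at all.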
🔍 How to Verify
Check if Vulnerable:
From a host outside the authorized management network, attempt to open an OCPP v1.6 session without credentials and send a query; if the charger accepts the session and answers with status or configuration data, it is exposed.
Check Version:
Check charger management interface or consult vendor documentation for OCPP configuration.
Verify Fix Applied:
Verify that unauthenticated OCPP v1.6 sessions and queries are now rejected, and that authenticated sessions from the authorized management systems still work.
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated OCPP protocol requests
- Multiple failed authentication attempts on OCPP port
Network Indicators:
- OCPP v1.6 traffic from unauthorized IP addresses
- Protocol queries without preceding authentication handshake
SIEM Query (pseudo-syntax; map the field names to your log source):
source_ip NOT IN authorized_management_ips AND protocol=OCPP AND auth_status=failed
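The indicators and the pseudo-query above, run offline over a handful of constructed log lines, as an added example that is not part of the original page. It assumes a hypothetical per-handshake log record (`ocpp ws_upgrade src=... path=... auth=none|ok|failed result=<status>`) written by whatever terminates the OCPP WebSocket; real field names and the authorized-IP list will differ. It raises three kinds of alert: traffic from a source outside the management allowlist, an unauthenticated handshake that was accepted (the vulnerable condition itself), and repeated authentication failures from one source within a time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

AUTHORIZED_MANAGEMENT_IPS = {"10.10.0.5"}   # constructed allowlist
FAILURE_THRESHOLD = 3                        # failed handshakes per source ...
WINDOW = timedelta(minutes=5)                # ... within this window

# Hypothetical log format used for the example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ocpp ws_upgrade src=(?P<src>\S+) path=(?P<path>\S+) "
    r"auth=(?P<auth>none|ok|failed) result=(?P<status>\d{3})$")


def parse_line(line: str) -> Optional[dict]:
    """Parse one handshake record; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["status"] = int(ev["status"])
    return ev


def detect(lines) -> List[Tuple[str, str, str]]:
    """Return (alert_kind, source_ip, path) tuples for the indicators above."""
    alerts: List[Tuple[str, str, str]] = []
    seen_unauthorized = set()
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        # Network indicator: OCPP traffic from an address that is not a management system.
        if ev["src"] not in AUTHORIZED_MANAGEMENT_IPS and ev["src"] not in seen_unauthorized:
            seen_unauthorized.add(ev["src"])
            alerts.append(("unauthorized_source", ev["src"], ev["path"]))
        # Log indicator: a session opened with no credentials at all.
        if ev["auth"] == "none" and ev["status"] == 101:
            alerts.append(("unauthenticated_accept", ev["src"], ev["path"]))
        # Log indicator: repeated failures from one source inside the sliding window.
        if ev["auth"] == "failed":
            recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= WINDOW] + [ev["ts"]]
            failures[ev["src"]] = recent
            if len(recent) == FAILURE_THRESHOLD:
                alerts.append(("auth_bruteforce", ev["src"], ev["path"]))
    return alerts


# Constructed sample log: one legitimate handshake, one anonymous session that
# was accepted, then a burst of failed attempts from the same outside address.
SAMPLE_LOG = """\
2026-01-14T09:00:01Z ocpp ws_upgrade src=10.10.0.5 path=/ocpp/CP001 auth=ok result=101
2026-01-14T09:03:10Z ocpp ws_upgrade src=203.0.113.9 path=/ocpp/CP001 auth=none result=101
2026-01-14T09:04:00Z ocpp ws_upgrade src=203.0.113.9 path=/ocpp/CP002 auth=failed result=401
2026-01-14T09:04:05Z ocpp ws_upgrade src=203.0.113.9 path=/ocpp/CP002 auth=failed result=401
2026-01-14T09:15:00Z ocpp ws_upgrade src=203.0.113.9 path=/ocpp/CP002 auth=failed result=401
2026-01-14T09:15:20Z ocpp ws_upgrade src=203.0.113.9 path=/ocpp/CP002 auth=failed result=401
2026-01-14T09:16:00Z ocpp ws_upgrade src=203.0.113.9 path=/ocpp/CP002 auth=failed result=401
unrelated syslog line that the parser must ignore
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The two failures at 09:04 fall out of the window before the 09:15 burst starts, so the brute-force alert fires once, on the third failure at 09:16; the `unauthenticated_accept` alert is the one that should never appear once the fix is applied, and is worth a higher severity than the other two.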