CVE-2026-22552
📋 TL;DR
This vulnerability allows unauthenticated attackers to impersonate legitimate charging stations by connecting to WebSocket endpoints without proper authentication. Attackers can then issue OCPP commands to manipulate charging infrastructure, potentially taking control of charging stations or corrupting backend data. This affects electric vehicle charging systems using vulnerable OCPP implementations.
💻 Affected Systems
- ePower charging station management systems
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of charging infrastructure allowing attackers to disable charging stations, manipulate billing data, cause physical damage to vehicles or equipment, and disrupt regional power grids through coordinated attacks.
Likely Case
Unauthorized control of individual charging stations, manipulation of charging sessions, billing fraud, and corruption of charging network data reported to backend systems.
If Mitigated
Limited impact with proper network segmentation, authentication controls, and monitoring in place, potentially only allowing connection attempts but not successful exploitation.
🎯 Exploit Status
Attack requires knowledge or discovery of charging station identifiers but no authentication. Simple WebSocket connection with station ID allows full OCPP command execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in provided references
Vendor Advisory: https://epower.ie/support/
Restart Required: Yes
Instructions:
1. Contact ePower support for patch information. 2. Apply vendor-provided firmware updates to affected charging stations. 3. Restart charging stations after update. 4. Verify authentication is now required for WebSocket connections.
🔧 Temporary Workarounds
Network Segmentation
allIsolate charging station network from untrusted networks and implement strict firewall rules
WebSocket Authentication
allImplement authentication mechanisms for WebSocket connections before allowing OCPP commands
🧯 If You Can't Patch
- Implement network-level authentication using VPNs or mutual TLS for all charging station communications
- Deploy intrusion detection systems to monitor for unauthorized WebSocket connections and OCPP command patterns
🔍 How to Verify
Check if Vulnerable:
Attempt to connect to OCPP WebSocket endpoint without authentication using a known station ID. If connection succeeds and allows command execution, system is vulnerable.Check Version:
Check charging station firmware version through management interface or vendor-specific commandsVerify Fix Applied:
Attempt same connection after patch - should fail with authentication error. Verify WebSocket handshake now requires proper credentials.📡 Detection & Monitoring
Log Indicators:
- Unauthenticated WebSocket connections
- OCPP commands from unknown/unexpected station IDs
- Failed authentication attempts followed by successful connections
Network Indicators:
- WebSocket traffic without authentication headers
- OCPP command patterns from unusual IP addresses
- High volume of connection attempts to charging station ports
SIEM Query:
source="charging_station_logs" AND (event="websocket_connection" AND auth_status="none") OR (event="ocpp_command" AND station_id NOT IN allowed_list)