An unauthenticated attacker can obtain EV charger energy consumption information of other users.
Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.
An unauthenticated attacker can obtain other users' charger information.
An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID.
Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username.
Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account.
As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6.
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username.
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain im
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API.
WebSocket endpoints lack proper authentication mechanisms, enabling
attackers to perform unauthorized station impersonation and manipulate
data sent to the backend. An unauthenticated attacker can c
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Page 1+ Next →