EVMAPA Insufficient Session Expiration Vulnerability Allowing Concurrent Connections with the Same Charging Station ID

Vulnerability

A vulnerability in EVMAPA exists due to inadequate session management, allowing multiple simultaneous connections to the backend using the same charging station ID. This flaw can lead to unauthorized access, data inconsistencies, and potential manipulation of charging sessions. Attackers can exploit this vulnerability by reusing valid charging station IDs to create multiple concurrent sessions.

Impact

Exploitation of this vulnerability could result in unauthorized access, data inconsistencies, and manipulation of charging session statuses.

Remediation

EVMAPA has informed CISA that this issue has been resolved by preventing simultaneous connections from charging stations using the same CBID.
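
One way a backend could enforce the fix described above, as an added example that is not EVMAPA's code: a registry that admits one live session per charging station ID, expires idle sessions, and records refused duplicates for alerting. The class and method names, the connection identifier, and the idle timeout value are assumptions for illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class Session:
    station_id: str
    conn_id: str      # hypothetical per-connection identifier
    last_seen: float


class StationSessionRegistry:
    """Allows at most one live backend session per charging station ID."""

    def __init__(self, idle_timeout=300.0, clock=time.monotonic):
        self.idle_timeout = idle_timeout  # assumed value, tune per deployment
        self.clock = clock
        self.sessions = {}                # station_id -> Session
        self.rejected = []                # (station_id, conn_id) for alerting

    def _expired(self, s):
        return self.clock() - s.last_seen > self.idle_timeout

    def connect(self, station_id, conn_id):
        """Return True if the connection is accepted, False if refused."""
        current = self.sessions.get(station_id)
        if current and not self._expired(current):
            # A live session already holds this ID: refuse and record it.
            self.rejected.append((station_id, conn_id))
            return False
        # No session, or the old one timed out: the new connection takes over.
        self.sessions[station_id] = Session(station_id, conn_id, self.clock())
        return True

    def heartbeat(self, station_id, conn_id):
        """Refresh the session; only the owning connection may do so."""
        s = self.sessions.get(station_id)
        if s is None or s.conn_id != conn_id or self._expired(s):
            return False
        s.last_seen = self.clock()
        return True

    def disconnect(self, station_id, conn_id):
        """Release the ID, but only for the connection that owns it."""
        s = self.sessions.get(station_id)
        if s is not None and s.conn_id == conn_id:
            del self.sessions[station_id]
            return True
        return False
```

Entries accumulating in `rejected` for a single station ID are a useful detection signal: either a station is reconnecting before its old session expired, or the ID is being reused elsewhere.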

Added: Jan 22, 2026, 11:28 PM
Updated: Jan 22, 2026, 11:28 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 2.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.