CloudCharge WebSocket Authentication Vulnerability Allowing Unauthorized Station Impersonation
Vulnerability
A vulnerability exists in the WebSocket endpoints of all versions of CloudCharge's charging station management system. The endpoints lack proper authentication, which allows attackers to impersonate charging stations and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier and issue or receive OCPP commands as if they were a legitimate charger. This vulnerability could lead to unauthorized control of charging infrastructure, privilege escalation, and corruption of charging network data reported to the backend.
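The missing check, sketched as an added example (not CloudCharge's code and not part of the advisory): a backend-side gate that refuses the WebSocket upgrade unless the request carries HTTP Basic credentials bound to the station identity in the URL, the password scheme the OCPP security profiles define. The function names, the `/ocpp/<id>` path layout, the credential store and the sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

def hash_password(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def basic_header(user: str, password: str) -> dict:
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def authenticate_handshake(path: str, headers: dict, store: dict):
    """Decide whether to accept a WebSocket upgrade; returns (accepted, reason)."""
    # OCPP-J puts the station identity in the last segment of the connection URL.
    station_id = path.rstrip("/").rsplit("/", 1)[-1]
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return False, "missing credentials"
    try:
        user, sep, password = base64.b64decode(token, validate=True).partition(b":")
    except ValueError:
        return False, "malformed credentials"
    if not sep:
        return False, "malformed credentials"
    # The credential must belong to the identity named in the URL.
    if user.decode("utf-8", "replace") != station_id:
        return False, "identity mismatch"
    record = store.get(station_id)
    # Hash against a dummy record for unknown ids so timing does not reveal valid ones.
    salt, expected = record if record else (b"\x00" * 16, b"\x00" * 32)
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    if record is None or not matches:
        return False, "bad credentials"
    return True, "ok"

# Constructed sample data: one provisioned station with a per-station secret.
SALT = b"constructed-salt"
STORE = {"CP-0001": (SALT, hash_password(b"constructed-secret", SALT))}

if __name__ == "__main__":
    print(authenticate_handshake("/ocpp/CP-0001", {}, STORE))
    print(authenticate_handshake("/ocpp/CP-0001", basic_header("CP-0001", "constructed-secret"), STORE))
```

Basic credentials only protect the station identity when the connection runs over TLS (`wss://`), and a second connection arriving for an identity that already has a live session is worth logging and alerting on.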
Impact
Exploitation of this vulnerability could allow for unauthorized impersonation of charging stations, session hijacking, misrouting of legitimate traffic, large-scale denial of service, and manipulation of data sent to the backend.
Remediation
CloudCharge did not respond to CISA's request for coordination. Contact CloudCharge using their contact page for more information.
