Thales OCPP v1.6 Unauthenticated Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in Thales chargers that use the Open Charge Point Protocol (OCPP) version 1.6. The issue arises because service interactions can be performed without authentication, allowing an attacker with some knowledge of the protocol to obtain information about the charger.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure regarding the charger.

Added: Jan 7, 2026, 7:13 PM
Updated: Jan 7, 2026, 7:13 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.