Everon OCPP Backends WebSocket API Rate Limiting Vulnerability Allowing Denial-of-Service and Brute-Force Attacks

Vulnerability

A vulnerability exists in the WebSocket API of Everon OCPP Backends, all versions, due to a lack of rate limiting on authentication requests. This flaw could enable an attacker to perform denial-of-service attacks by disrupting or misdirecting legitimate charger telemetry, or to conduct brute-force attacks to gain unauthorized access. Successful exploitation could lead to unauthorized administrative control over affected charging stations or cause disruptions in charging services.

Impact

Exploitation of this vulnerability could result in denial-of-service conditions by interfering with legitimate charger telemetry, or allow for unauthorized access through brute-force attacks, potentially leading to unauthorized administrative control over the charging stations.

Remediation

Everon has shut down their platform as of December 1, 2025.

Added: Mar 6, 2026, 4:21 PM
Updated: Mar 6, 2026, 4:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 3.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.