SWITCH EV WebSocket API Rate Limiting Vulnerability Allowing Denial-of-Service and Brute-Force Attacks
Vulnerability
A vulnerability exists in the WebSocket API of SWITCH EV's charging management platform, affecting all versions of the web application. The API does not rate-limit authentication requests, so an attacker can submit them without bound: either to disrupt legitimate charger telemetry, causing a denial of service, or to brute-force credentials and gain unauthorized access.
Impact
Exploitation of this vulnerability could lead to denial-of-service conditions by misrouting or suppressing legitimate charger data, and could allow unauthorized access through brute-force methods.
Remediation
SWITCH EV has not responded to CISA's request for coordination. For more information, contact SWITCH EV through their contact page.
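The control the advisory describes as missing, shown as an added example that is not SWITCH EV's code and not a description of their implementation: a per-client sliding-window limiter on WebSocket authentication attempts with a lockout, beside a subclass that models the unlimited behaviour. The charger identifier, token store, thresholds, client key and the FakeClock are assumptions made for the illustration.

```python
"""Rate limiting of WebSocket authentication attempts (added example).

Not SWITCH EV code. Thresholds, the credential store and the client key
are constructed for the demo.
"""
import hmac
import time
from collections import defaultdict, deque

# Constructed credential store: charger identity -> shared token (assumption).
CHARGER_TOKENS = {"CP-0001": "s3cr3t-token-0001"}


class AuthRateLimiter:
    """Sliding-window failure counter with lockout, keyed per client.

    `key` is whatever identifies the caller: source IP, claimed charger id,
    or a combination of both.
    """

    def __init__(self, max_failures=5, window=60.0, lockout=300.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.clock = clock
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time at which lockout ends

    def _prune(self, key, now):
        q = self._failures[key]
        while q and now - q[0] > self.window:
            q.popleft()

    def allow(self, key):
        """True if an authentication attempt from `key` may be processed."""
        now = self.clock()
        if self._locked_until.get(key, 0.0) > now:
            return False
        self._prune(key, now)
        return len(self._failures[key]) < self.max_failures

    def record_failure(self, key):
        now = self.clock()
        self._prune(key, now)
        q = self._failures[key]
        q.append(now)
        if len(q) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            q.clear()

    def record_success(self, key):
        self._failures.pop(key, None)
        self._locked_until.pop(key, None)


class NoRateLimit(AuthRateLimiter):
    """Models the vulnerable behaviour: every attempt is processed."""

    def allow(self, key):
        return True


class FakeClock:
    """Deterministic clock so the demo does not depend on wall-clock time."""

    def __init__(self, t=0.0):
        self.t = t

    def __call__(self):
        return self.t

    def advance(self, dt):
        self.t += dt


def authenticate(limiter, client_key, charger_id, token):
    """Outcome of one auth message: 'ok', 'denied' or 'rate_limited'."""
    if not limiter.allow(client_key):
        return "rate_limited"          # rejected before any credential check
    expected = CHARGER_TOKENS.get(charger_id)
    ok = expected is not None and hmac.compare_digest(expected.encode(), token.encode())
    if ok:
        limiter.record_success(client_key)
        return "ok"
    limiter.record_failure(client_key)
    return "denied"


def guessing_run(limiter, attempts):
    """Send `attempts` wrong tokens from one client, then the right one.

    Returns a count of each outcome, so the effect of the limiter is visible.
    """
    counts = {"ok": 0, "denied": 0, "rate_limited": 0}
    for i in range(attempts):
        counts[authenticate(limiter, "10.0.0.9", "CP-0001", f"guess-{i:05d}")] += 1
    counts[authenticate(limiter, "10.0.0.9", "CP-0001", CHARGER_TOKENS["CP-0001"])] += 1
    return counts


if __name__ == "__main__":
    clk = FakeClock()
    print("limited:  ", guessing_run(AuthRateLimiter(clock=clk), 1000))
    print("unlimited:", guessing_run(NoRateLimit(clock=FakeClock()), 1000))
```

With the limiter, the client is locked out after the fifth failure and the later correct token is refused until the lockout expires; without it every guess is evaluated. Key the counter on both source address and claimed charger identity, since limiting on one alone lets an attacker rotate the other.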
