CloudCharge WebSocket Session Hijacking Vulnerability

A vulnerability in the WebSocket backend of CloudCharge charging stations allows multiple endpoints to connect using the same session identifier, leading to predictable session identifiers. This flaw enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station, intercepting backend commands intended for it. Additionally, this vulnerability could allow unauthorized users to authenticate as other users or enable a denial-of-service condition by overwhelming the backend with valid session requests.

Impact

Exploitation of this vulnerability could allow attackers to impersonate charging stations, hijack sessions, misroute legitimate traffic causing a large-scale denial-of-service, and manipulate data sent to the backend.

Remediation

CloudCharge did not respond to CISA's request for coordination. Contact CloudCharge using their contact page for more information.