Automated Logic WebCTRL Premium Server WebSocket Authentication Bypass Vulnerability Allowing Unauthorized Station Impersonation

Vulnerability

A vulnerability exists in the WebSocket endpoints of Automated Logic WebCTRL Premium Server, where proper authentication mechanisms are lacking. This flaw enables unauthorized station impersonation and manipulation of data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier and issue or receive OCPP commands as if they were a legitimate charger. The absence of authentication can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
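
The contrast the advisory describes, as an added illustration that is not vendor code and does not reproduce WebCTRL's actual implementation: one handler accepts an OCPP WebSocket upgrade on the station identifier in the URL alone, the other binds the upgrade to a credential provisioned for that station (the HTTP Basic check the OCPP security profiles specify) before the socket is accepted. The credential store, station identifiers and URL layout are constructed for the example.

```python
import base64
import hmac
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed per-station credential store (assumption for this example): identity -> its own secret.
STATION_SECRETS = {"CP-0001": b"s3cret-for-cp-0001", "CP-0002": b"another-secret"}
ACCEPTED_SUBPROTOCOLS = {"ocpp1.6", "ocpp2.0.1"}

@dataclass
class Decision:
    accepted: bool
    station_id: Optional[str]
    reason: str

def station_from_path(path: str) -> Optional[str]:  # last segment names the charge point, e.g. /ocpp/CP-0001
    parts = [p for p in urlparse(path).path.split("/") if p]
    return parts[-1] if parts else None

def basic_header(user: str, secret: bytes) -> str:  # Authorization value a station sends in its upgrade request
    return "Basic " + base64.b64encode(user.encode() + b":" + secret).decode()

def vulnerable_handshake(path: str, headers: dict) -> Decision:
    """The pattern the advisory describes: the peer is trusted purely on the identifier it names."""
    sid = station_from_path(path)
    return Decision(sid is not None, sid, "no credential check performed")

def hardened_handshake(path: str, headers: dict) -> Decision:
    """Bind the upgrade to a credential that belongs to the claimed station before accepting it."""
    sid = station_from_path(path)
    if sid is None:
        return Decision(False, None, "no station identifier in path")
    offered = {p.strip() for p in headers.get("Sec-WebSocket-Protocol", "").split(",")}
    if not offered & ACCEPTED_SUBPROTOCOLS:
        return Decision(False, sid, "no acceptable OCPP subprotocol offered")
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return Decision(False, sid, "missing credentials")
    try:
        user, _, secret = base64.b64decode(auth[6:], validate=True).decode().partition(":")
    except ValueError:
        return Decision(False, sid, "malformed credentials")
    # Username must equal the path identity and the secret must be that station's own; compare_digest
    # avoids a timing side channel, and an unknown id is checked against a dummy so timing does not leak it.
    expected = STATION_SECRETS.get(sid, b"\x00" * 16)
    if not (hmac.compare_digest(secret.encode(), expected) and user == sid and sid in STATION_SECRETS):
        return Decision(False, sid, "credentials do not match claimed station")
    return Decision(True, sid, "authenticated")
```

A rejected Decision is also the natural point to emit a log record keyed on the claimed station identifier, which gives a defender a signal for repeated upgrade attempts against identifiers that are not provisioned.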

Impact

Exploitation of this vulnerability could result in unauthorized control over charging stations, allowing attackers to impersonate legitimate chargers, manipulate OCPP commands, and disrupt the integrity of charging network data sent to the backend.

Remediation

For customers using supported versions of WebCTRL (WebCTRL 8.5 cumulative releases and later), Automated Logic provides secure configuration guidance for hardware and software deployments, BACnet Secure Connect (BACnet/SC) support, which introduces TLS encryption and mutual authentication, and published best practices for network segmentation, access control, and secure protocol implementation. Additional information is available on the Automated Logic website.

Added: Mar 20, 2026, 11:34 PM
Updated: Mar 20, 2026, 11:34 PM

Vulnerability Rating

Custom Algorithm

spread          0.8
impact          4.8
exploitability  7.0
remediation     7.9
relevance       4.4
threat          0.0
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.