Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
AnalysisAI
A web-based mapping platform exposes charging station authentication identifiers publicly, allowing unauthenticated network-based attackers to access sensitive credential information without any user interaction required. The vulnerability affects IGL Technologies eparking.fi application and enables attackers to obtain authentication material that could be leveraged for unauthorized access to charging infrastructure. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | The CVSS 3.1 score of 6.5 with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N reflects a moderate severity with notable concerning characteristics: the attack vector is network-based requiring no privileges or user interaction, and the attack complexity is low, meaning no special conditions are required for exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker discovers the eparking.fi web-based mapping platform and identifies that charging station authentication identifiers are publicly accessible without authentication (AV:N, PR:N, UI:N). The attacker methodically enumerates and extracts the exposed identifiers by parsing responses from the mapping interface or analyzing client-side code. … |
| Remediation | Coordinate with IGL Technologies to obtain and deploy the patched version of eparking.fi addressing the credential exposure; refer to the CISA advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08 for specific patched version numbers and deployment instructions. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Eparking Fi
View allUnauthenticated access to OCPP WebSocket endpoints allows remote attackers to impersonate legitimate charging stations a
Unlimited authentication attempts against the eParking.fi WebSocket API enable network-based denial-of-service attacks t
A session management vulnerability exists in the WebSocket backend of IGL Technologies' eparking.fi platform that allows
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13857