Severity by source

CVSS vector (Vendor: icscert):
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Rationale: a network-reachable WebSocket with no authentication gives AV:N/AC:L/PR:N/UI:N; impersonation exposes data and allows unauthorized actions (C:H/I:H) with limited availability impact (A:L), scope unchanged.

Primary rating from Vendor (icscert).
Description (CVE.org)
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.
Analysis (AI)
Authentication bypass in Evoke Systems' Evoke CSMS (EV Charging Station Management System) lets remote unauthenticated attackers connect to its WebSocket endpoints and impersonate legitimate charging stations. Because the OCPP-style WebSocket channel performs no authentication, an attacker can read sensitive station/session data and issue unauthorized commands, leading to privilege escalation and potential compromise of the broader charging backend. …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata.

Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | The only prerequisite is network access to the Evoke CSMS WebSocket endpoint used by charging stations; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) and the description's statement that no authentication is required, exploitation works against default configurations without credentials or user interaction. … |
| Risk Assessment | All available signals point to genuine high priority: the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) describes a network-reachable, low-complexity attack needing no privileges or user interaction, with High confidentiality and integrity impact and Low availability impact (VC:H/VI:H/VA:L), yielding a Critical 9.3. … |
| Exploit Scenario | An attacker who can reach the CSMS WebSocket endpoint over the network opens a connection and, because no credentials are checked, registers as an existing or arbitrary charging station identifier. They then issue OCPP messages to read transaction, meter, and configuration data and to send unauthorized control or configuration commands, pivoting toward privilege escalation across the management backend. … |
| Remediation | No vendor-released patch version is identified in the available data, so confirm the fixed release directly with Evoke Systems (https://evokesystems.com/contact-us/) and review the CISA advisory ICSA-26-176-02 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02) for vendor-supplied guidance before deployment. … |
Recommended Action (AI)
WITHIN 24 HOURS: Inventory all Evoke CSMS deployments and network exposure; implement firewall rules restricting external access to WebSocket endpoints if operationally feasible. …
External POC / Exploit Code
EUVD-2026-39569
GHSA-v97x-26qp-3g45