Skip to main content

XCharge C6 CVE-2026-9038

| EUVDEUVD-2026-33003 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-28 icscert GHSA-88gx-5947-cmjp
8.6
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
May 28, 2026 - 20:22 vuln.today
CVSS changed
May 28, 2026 - 20:22 NVD
8.6 (HIGH)

DescriptionCVE.org

A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur, which can lead to execution of unauthorized code with elevated privileges.

AnalysisAI

Stack-based buffer overflow in the XCharge C6 charging controller's signal-processing logic enables an attacker with physical access to the charging interface to corrupt memory by sending oversized message fields, potentially gaining code execution with elevated privileges. Reported through CISA's ICS-CERT under advisory ICSA-26-148-08, the flaw carries a CVSS 4.0 score of 8.6 driven by high impact to confidentiality, integrity, and availability of both the vulnerable component and adjacent subsystems. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Technical ContextAI

The affected product (cpe:2.3:a:xcharge:c6) is an electric-vehicle charging station controller that processes protocol messages - typically over the EV-to-EVSE communication channel such as ISO 15118 / DIN 70121 PLC or the proprietary CAN/serial layer exposed at the charging coupler. CWE-121 (stack-based buffer overflow) indicates that fixed-size stack buffers in the signal-processing routines copy attacker-controlled message fields without enforcing length checks, allowing the saved return address or adjacent stack frame data to be overwritten. Because embedded charging controllers commonly run firmware without modern mitigations (ASLR, stack canaries, NX) and execute with the privileges of the charging supervisor process, successful corruption can pivot directly to arbitrary code execution on the EVSE.

RemediationAI

No vendor-released patch identified at time of analysis from the provided data; consult the CISA ICS advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-08 for the vendor's authoritative fix version and firmware update procedure, and apply it to all XCharge C6 units as the primary remediation. Until firmware is updated, compensating controls include restricting physical access to the charging coupler and controller enclosure (locked stations, tamper-evident seals, CCTV monitoring of public chargers - trade-off: does not stop a determined attacker posing as a customer), disabling or rate-limiting non-essential charging protocols and any debug/diagnostic ports on the coupler (trade-off: may break legitimate vehicle handshakes or field-service workflows), and network-segmenting EVSE units from the charging operator's payment, OCPP, and back-office networks to contain the SC:H/SI:H subsequent-impact path (trade-off: complicates remote management and roaming).

Share

CVE-2026-9038 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy