Skip to main content

Chargeportal EUVDEUVD-2026-13848

| CVE-2026-27649 MEDIUM
Insufficient Session Expiration (CWE-613)
2026-03-20 icscert
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
May 06, 2026 - 15:22 NVD
HIGH MEDIUM
CVSS changed
May 06, 2026 - 15:22 NVD
7.3 (HIGH) 6.9 (MEDIUM)
EUVD ID Assigned
Mar 20, 2026 - 23:16 euvd
EUVD-2026-13848
Analysis Generated
Mar 20, 2026 - 23:16 vuln.today
CVE Published
Mar 20, 2026 - 22:46 nvd
HIGH 7.3

DescriptionCVE.org

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

AnalysisAI

A session management vulnerability in CTEK ChargePortal's WebSocket backend allows attackers to hijack charging station sessions by connecting with the same predictable session identifier used by legitimate stations. This enables authentication bypass, interception of backend commands intended for legitimate charging stations, and denial-of-service through session flooding. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify predictable charging station identifier
Exploit
Connect WebSocket with same session ID
Execution
Displace legitimate station connection
Impact
Receive backend commands intended for target station

Vulnerability AssessmentAI

Exploitation Remote unauthenticated attacker can exploit the WebSocket backend by connecting with predictable or known charging station identifiers. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS v3.1 score of 7.3 reflects a remotely exploitable vulnerability (AV:N) with low attack complexity (AC:L) requiring no privileges (PR:N) or user interaction (UI:N), resulting in partial impacts across confidentiality, integrity, and availability (C:L/I:L/A:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker scans for exposed CTEK ChargePortal WebSocket endpoints and enumerates predictable charging station identifiers through reconnaissance or brute force. The attacker then initiates a WebSocket connection using a legitimate station's identifier, displacing the actual charging station and receiving all backend commands intended for that station, including configuration changes, charging authorizations, and payment processing instructions. …
Remediation Organizations should consult CTEK support at https://www.ctek.com/support and review the CISA ICS advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-06 for vendor patches addressing the session management vulnerability. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all CTEK ChargePortal deployments and assess exposure scope; establish incident response protocols for potential session hijacking. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-13848 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy