Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
AnalysisAI
A session management vulnerability in CTEK ChargePortal's WebSocket backend allows attackers to hijack charging station sessions by connecting with the same predictable session identifier used by legitimate stations. This enables authentication bypass, interception of backend commands intended for legitimate charging stations, and denial-of-service through session flooding. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Remote unauthenticated attacker can exploit the WebSocket backend by connecting with predictable or known charging station identifiers. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS v3.1 score of 7.3 reflects a remotely exploitable vulnerability (AV:N) with low attack complexity (AC:L) requiring no privileges (PR:N) or user interaction (UI:N), resulting in partial impacts across confidentiality, integrity, and availability (C:L/I:L/A:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker scans for exposed CTEK ChargePortal WebSocket endpoints and enumerates predictable charging station identifiers through reconnaissance or brute force. The attacker then initiates a WebSocket connection using a legitimate station's identifier, displacing the actual charging station and receiving all backend commands intended for that station, including configuration changes, charging authorizations, and payment processing instructions. … |
| Remediation | Organizations should consult CTEK support at https://www.ctek.com/support and review the CISA ICS advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-06 for vendor patches addressing the session management vulnerability. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all CTEK ChargePortal deployments and assess exposure scope; establish incident response protocols for potential session hijacking. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Chargeportal
View allCTEK Chargeportal's OCPP WebSocket endpoints accept unauthenticated connections, allowing remote attackers to impersonat
Missing rate limiting in CTEK Chargeportal's WebSocket API enables remote attackers to launch denial-of-service attacks
Authentication identifiers for electric vehicle charging stations are publicly exposed through web-based mapping platfor
Same weakness CWE-613 – Insufficient Session Expiration
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13848