Skip to main content

Eparking Fi EUVDEUVD-2026-13857

| CVE-2026-31926 MEDIUM
Insufficiently Protected Credentials (CWE-522)
2026-03-20 icscert
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 20, 2026 - 23:16 euvd
EUVD-2026-13857
Analysis Generated
Mar 20, 2026 - 23:16 vuln.today
CVE Published
Mar 20, 2026 - 23:06 nvd
MEDIUM 6.5

DescriptionCVE.org

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

AnalysisAI

A web-based mapping platform exposes charging station authentication identifiers publicly, allowing unauthenticated network-based attackers to access sensitive credential information without any user interaction required. The vulnerability affects IGL Technologies eparking.fi application and enables attackers to obtain authentication material that could be leveraged for unauthorized access to charging infrastructure. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment The CVSS 3.1 score of 6.5 with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N reflects a moderate severity with notable concerning characteristics: the attack vector is network-based requiring no privileges or user interaction, and the attack complexity is low, meaning no special conditions are required for exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker discovers the eparking.fi web-based mapping platform and identifies that charging station authentication identifiers are publicly accessible without authentication (AV:N, PR:N, UI:N). The attacker methodically enumerates and extracts the exposed identifiers by parsing responses from the mapping interface or analyzing client-side code. …
Remediation Coordinate with IGL Technologies to obtain and deploy the patched version of eparking.fi addressing the credential exposure; refer to the CISA advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08 for specific patched version numbers and deployment instructions. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-13857 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy