Skip to main content

EVBEE DC-80 EUVDEUVD-2026-43327

| CVE-2026-22100 HIGH
OS Command Injection (CWE-78)
2026-07-13 DIVD
8.6
CVSS 4.0 · Vendor: DIVD
Share

Severity by source

Vendor (DIVD) PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.2 HIGH

Network-reachable OCPP message with low complexity, but sending the ReserveLogin DataTransfer needs a privileged/trusted CSMS session (PR:H); root execution gives full C/I/A impact with unchanged scope.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (DIVD).

CVSS VectorVendor: DIVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 13, 2026 - 12:01 EUVD
Analysis Generated
Jul 13, 2026 - 11:10 vuln.today
CVE Published
Jul 13, 2026 - 09:10 cve.org
HIGH 8.6

DescriptionCVE.org

The OCPP DataTransfer message ReserveLogin is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root.

AnalysisAI

OS command injection in the EVBEE DC-80 electric-vehicle DC charger lets an actor who can send OCPP messages execute arbitrary commands as root by tampering with the data value of the vendor-specific ReserveLogin DataTransfer message. The flaw was reported by DIVD (Dutch Institute for Vulnerability Disclosure) and affects the charger's OCPP handling; no public exploit identified at time of analysis and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain OCPP/CSMS session access to charger
Delivery
Craft ReserveLogin DataTransfer with shell payload
Exploit
Send message to DC-80
Execution
Unsanitized data passed to shell
Persist
Execute arbitrary command as root
Impact
Full charger compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires the ability to send an OCPP `DataTransfer` message with the vendor-specific action `ReserveLogin` to the EVBEE DC-80, and to control that message's data value - i.e. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N, VC:H/VI:H/VA:H, score 8.6) indicates a network-reachable, low-complexity attack requiring high privileges and no user interaction, yielding full confidentiality, integrity and availability loss on the charger. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has gained control of the CSMS backend, or who can otherwise inject OCPP messages onto the trusted management channel, sends a `DataTransfer` message with vendor action `ReserveLogin` whose data field embeds shell metacharacters and an OS command. The charger passes the value into a shell and runs the command as root, giving the attacker full control of the charging station firmware. …
Remediation No vendor-released patch version is identified in the provided data; consult the DIVD advisory at https://csirt.divd.nl/DIVD-2026-00001/ and EVBEE for firmware updates and apply any released fix as the primary remediation. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all EVBEE DC-80 units in operation, document which are actively connected to OCPP networks, and prioritize isolation of units serving critical operations or high-traffic locations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43327 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy