THE EVoke Charging Station Management System has four critical vulnerabilities with a highest severity score of 9.4, allowing unauthorized access and disruption of charging services. The main vulnerabilities include authentication bypass and insufficient session management, which could lead to denial-of-service attacks and data theft. While no active exploitation has been confirmed, urgent steps are recommended for system administrators to adopt modern authentication profiles and implement protective measures. EVoke advises upgrading to OCPP Security Profile 2 or 3, along with server-side protections.
Researchers Find Critical Flaws in EVoke Charging Stations
CyberSIXT Evidence Panel
Primary Source
cisa.gov
Article by CyberSIXT