Critical Vulnerabilities in CloudCharge EV Charging Stations Expose Infrastructure Risks
CISA warns of severe flaws in CloudCharge EV charging systems enabling impersonation, DoS attacks, and data manipulation. Patch immediately.
Critical Flaws in CloudCharge EV Charging Systems Expose Operational Risks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed multiple critical vulnerabilities in CloudCharge electric vehicle (EV) charging stations, identified under ICSA-26-057-03. If exploited, these flaws could enable threat actors to impersonate charging stations, hijack sessions, suppress or misroute traffic for large-scale denial-of-service (DoS) attacks, and manipulate backend data—posing significant risks to energy infrastructure and EV networks.
Technical Details of the Vulnerabilities
While CISA’s advisory does not provide exhaustive technical specifics, the Common Security Advisory Framework (CSAF) document outlines the following attack vectors:
- Session Hijacking: Attackers may intercept or manipulate active charging sessions, potentially gaining unauthorized control over connected vehicles or backend systems.
- Impersonation Attacks: Vulnerabilities could allow adversaries to spoof legitimate charging stations, tricking users or systems into connecting to malicious infrastructure.
- Traffic Manipulation: Exploitation may enable the suppression or redirection of network traffic, leading to large-scale DoS conditions or data exfiltration.
- Backend Data Tampering: Compromised systems could alter telemetry, billing, or operational data sent to cloud or enterprise backends, undermining trust in EV charging networks.
The advisory does not currently list CVE IDs, but the severity of these flaws suggests they may involve authentication bypasses, insecure communication protocols, or improper input validation—common attack surfaces in operational technology (OT) and Internet of Things (IoT) environments.
Impact Analysis
The vulnerabilities affect CloudCharge charging stations, which are deployed in commercial and public EV infrastructure. Successful exploitation could have cascading effects:
- Operational Disruption: Large-scale DoS attacks could render charging networks unavailable, impacting fleet operators, logistics, and public transportation.
- Financial Fraud: Data manipulation could enable billing fraud, energy theft, or unauthorized access to payment systems.
- Safety Risks: Tampered telemetry or session hijacking could pose physical safety risks, such as overcharging or incorrect power delivery to vehicles.
- Supply Chain Threats: Compromised charging stations could serve as entry points for broader attacks on energy grids or connected smart city infrastructure.
Recommendations for Mitigation
CISA urges asset owners, operators, and vendors to take immediate action:
- Apply Patches: Monitor CloudCharge for firmware updates and apply them without delay. The advisory may include vendor-specific remediation steps.
- Network Segmentation: Isolate EV charging networks from corporate IT systems and critical OT environments to limit lateral movement.
- Monitor for Anomalies: Deploy intrusion detection/prevention systems (IDS/IPS) to detect unusual traffic patterns, session hijacks, or unauthorized access attempts.
- Enforce Strong Authentication: Require multi-factor authentication (MFA) for backend access and charging station management interfaces.
- Review Communication Protocols: Ensure all data transmissions between charging stations and backends use TLS 1.2 or higher with valid certificates to prevent interception or tampering.
- Incident Response Planning: Update incident response plans to account for potential EV charging system compromises, including containment and recovery procedures.
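One way to check the communication-protocol recommendation above, as an added example that is not taken from the CISA advisory or from CloudCharge: it flags plaintext station-to-backend endpoints and audits a client TLS configuration for a TLS 1.2 floor and certificate validation. The endpoint URLs, the ws/wss and http/https schemes, and the function names are assumptions made for illustration.

```python
import ssl
from urllib.parse import urlsplit

# Constructed sample: station-to-backend URLs as they might appear in a
# configuration export. Hosts and paths are placeholders, not from the advisory.
SAMPLE_ENDPOINTS = [
    "wss://backend.example.invalid/stations/CP-001",
    "ws://backend.example.invalid/stations/CP-002",
    "https://api.example.invalid/telemetry",
    "http://10.0.0.5:8080/billing",
]
TLS_SCHEMES = {"wss", "https"}


def plaintext_endpoints(urls):
    """Return the URLs whose scheme carries traffic without TLS."""
    return [u for u in urls if urlsplit(u).scheme.lower() not in TLS_SCHEMES]


def hardened_client_context(cafile=None):
    """Client-side context: TLS 1.2 floor, chain and hostname verification on."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # refuse TLS 1.1 and older
    return ctx


def audit_context(ctx):
    """List every way an SSLContext falls short of the recommendation."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification not required")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    return findings


if __name__ == "__main__":
    for url in plaintext_endpoints(SAMPLE_ENDPOINTS):
        print("plaintext endpoint:", url)
    # A context left with validation switched off, a common "make it connect" fix.
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    weak.check_hostname = False
    weak.verify_mode = ssl.CERT_NONE
    print("weak context:", audit_context(weak))
    print("hardened context:", audit_context(hardened_client_context()))
```

An empty findings list only shows the client is configured to refuse weak connections; the backend's certificate chain and expiry still need to be checked against the live service.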
CISA has not reported active exploitation in the wild, but the low complexity of potential attacks increases the urgency for remediation. Organizations should treat these vulnerabilities as high-risk and prioritize patching alongside other critical infrastructure protections.
For full technical details, refer to the CISA advisory (ICSA-26-057-03) and the accompanying CSAF document.