Critical Vulnerabilities in EV Charging Stations Enable Remote Takeover (ICSA-26-057-07)
CISA warns of severe flaws in EV charging stations allowing admin control or DoS attacks. Immediate patching urged for affected versions.
CISA Warns of Critical EV Charging Station Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed multiple critical vulnerabilities in electric vehicle (EV) charging stations that could allow attackers to gain unauthorized administrative control or disrupt services via denial-of-service (DoS) attacks. The advisory, ICSA-26-057-07, highlights risks to operational technology (OT) systems in EV infrastructure.
Technical Details
While CISA’s advisory references the CSAF document for full technical specifications, key details include:
- Affected Products: Specific versions of EV charging station firmware (details redacted pending vendor coordination).
- Exploit Mechanisms: Vulnerabilities likely involve authentication bypasses, privilege escalation, or improper input validation, enabling remote exploitation.
- Impact: Successful attacks could allow threat actors to modify configurations, shut down charging sessions, or exfiltrate sensitive data.
Impact Analysis
EV charging stations are increasingly integrated into critical infrastructure, including smart grids and fleet management systems. Exploitation of these flaws could:
- Disrupt Energy Distribution: DoS attacks may overload local power grids or halt charging services for commercial fleets.
- Enable Physical Access Attacks: Administrative control could facilitate tampering with hardware or firmware for long-term persistence.
- Expose User Data: Compromised stations may leak payment details or vehicle telemetry data.
Recommendations
CISA urges stakeholders to:
- Apply Patches Immediately: Monitor vendor updates for firmware fixes and prioritize deployment.
- Isolate OT Networks: Segment EV charging infrastructure from corporate IT networks to limit lateral movement.
- Monitor for Anomalies: Deploy intrusion detection systems (IDS) to flag unusual activity, such as unauthorized configuration changes.
- Review CSAF Documentation: Consult the CSAF file for vulnerability-specific mitigations.
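To act on the CSAF recommendation, the affected products and their remediations can be extracted from the advisory's JSON programmatically. The following is an added example, not code from CISA or any vendor: it assumes the CSAF 2.0 JSON layout, and the embedded sample is constructed, with placeholder vendor, product, product ID, CVE and remediation text.

```python
import json

# Constructed sample in CSAF 2.0 layout; vendor, product, product ID, CVE and
# remediation text are placeholders, not values from ICSA-26-057-07.
SAMPLE_CSAF = json.loads("""
{
  "document": {"tracking": {"id": "ICSA-26-057-07"}},
  "product_tree": {"branches": [{"category": "vendor", "name": "ExampleVendor",
    "branches": [{"category": "product_name", "name": "ExampleCharger",
      "branches": [{"category": "product_version_range", "name": "<=1.2.3",
        "product": {"product_id": "CSAFPID-0001",
                    "name": "ExampleCharger firmware <=1.2.3"}}]}]}]},
  "vulnerabilities": [{
    "cve": "CVE-0000-00000",
    "product_status": {"known_affected": ["CSAFPID-0001"]},
    "remediations": [
      {"category": "vendor_fix", "details": "Update firmware (placeholder).",
       "product_ids": ["CSAFPID-0001"]},
      {"category": "mitigation", "details": "Segment the charger network (placeholder).",
       "product_ids": ["CSAFPID-0001"]}]
  }]}
""")

def product_names(node, out=None):
    """Walk nested product_tree branches and map product_id -> product name."""
    out = {} if out is None else out
    for branch in node.get("branches", []):
        prod = branch.get("product")
        if prod:
            out[prod["product_id"]] = prod["name"]
        product_names(branch, out)
    return out

def affected_with_remediations(csaf):
    """Return one row per (vulnerability, affected product) with its remediations."""
    names = product_names(csaf.get("product_tree", {}))
    rows = []
    for vuln in csaf.get("vulnerabilities", []):
        for pid in vuln.get("product_status", {}).get("known_affected", []):
            fixes = [(r["category"], r["details"])
                     for r in vuln.get("remediations", [])
                     if pid in r.get("product_ids", [])]
            rows.append({"advisory": csaf["document"]["tracking"]["id"], "cve": vuln.get("cve"),
                         "product": names.get(pid, pid), "remediations": fixes})
    return rows

if __name__ == "__main__":
    for row in affected_with_remediations(SAMPLE_CSAF):
        print(row)
```

Matching the resulting product names and version ranges against an asset inventory shows which deployed stations need the vendor fix and which only have a mitigation available.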
Note: CISA has withheld full technical details to prevent exploitation while vendors develop patches. Organizations should treat this advisory as a high-severity alert and act accordingly.
For ongoing updates, follow CISA’s ICS Advisories.