
Critical Vulnerabilities in EV2GO Charging Stations Expose EV Infrastructure to Attacks

Source: CISA Cybersecurity Advisories

CISA warns of severe flaws in EV2GO charging stations enabling impersonation, session hijacking, DoS, and data manipulation. Patch immediately.


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed multiple critical vulnerabilities in EV2GO electric vehicle (EV) charging stations, which could allow threat actors to impersonate charging infrastructure, hijack sessions, disrupt services, and manipulate backend data. The advisory, published as ICSA-26-057-04, highlights risks to EV charging networks and backend systems.

Technical Details of the Vulnerabilities

While CISA has not yet released full technical details or assigned CVE identifiers, the advisory outlines the following potential attack vectors:

  • Impersonation of Charging Stations: Attackers could spoof legitimate charging stations, tricking users or backend systems into connecting to malicious infrastructure.
  • Session Hijacking: Exploitation may enable adversaries to take control of active charging sessions, potentially disrupting operations or stealing sensitive data.
  • Denial-of-Service (DoS) Attacks: Vulnerabilities could allow threat actors to suppress or misroute legitimate traffic, leading to large-scale service disruptions across EV charging networks.
  • Data Manipulation: Attackers may alter data transmitted to backend systems, compromising billing accuracy, user authentication, or operational integrity.

The CSAF (Common Security Advisory Framework) document provides structured vulnerability details for security teams to assess and mitigate risks.

Impact Analysis

Successful exploitation of these vulnerabilities poses significant risks to EV infrastructure, including:

  • Operational Disruption: Large-scale DoS attacks could render charging stations inoperable, affecting fleets, public charging networks, and critical transportation services.
  • Financial Fraud: Data manipulation could lead to incorrect billing, unauthorized transactions, or theft of payment information.
  • Safety Risks: Session hijacking or impersonation attacks may enable adversaries to interfere with vehicle charging processes, potentially causing physical harm or equipment damage.
  • Supply Chain Compromise: Backend system breaches could expose sensitive operational data, user credentials, or proprietary information.

EV charging infrastructure is increasingly integrated into smart grids and IoT ecosystems, amplifying the potential blast radius of these vulnerabilities. Security teams managing critical infrastructure, fleet operators, and EV service providers should prioritize remediation.

Recommendations for Security Teams

CISA urges organizations using EV2GO charging stations to take the following actions:

  1. Apply Patches Immediately: Monitor EV2GO’s official channels for firmware updates and apply them without delay. CISA will update the advisory with patch details as they become available.
  2. Network Segmentation: Isolate EV charging infrastructure from corporate networks and critical operational technology (OT) systems to limit lateral movement.
  3. Monitor for Anomalies: Deploy intrusion detection/prevention systems (IDS/IPS) to detect unusual traffic patterns, unauthorized session attempts, or data tampering.
  4. Enforce Strong Authentication: Ensure backend systems and charging stations require multi-factor authentication (MFA) for administrative access.
  5. Review CSAF Documentation: Security teams should analyze the CSAF advisory for technical indicators and mitigation strategies tailored to their environments.
  6. Incident Response Planning: Prepare for potential breaches by updating incident response playbooks to address EV charging infrastructure compromises.
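
For step 5, an added example (not code from CISA, EV2GO or this article) that matches a CSAF 2.0 document against a local product inventory and pulls out the score and remediations for each affected product. The embedded document is constructed: only the advisory ID and vendor name come from the text above; product names, product IDs, score and remediation text are placeholders, and `triage` and `product_names` are hypothetical helper names.

```python
import json

# Constructed sample in CSAF 2.0 layout. Only the tracking id and vendor name come
# from the article; product names, ids, score and text are placeholders.
SAMPLE = json.loads("""
{"document": {"tracking": {"id": "ICSA-26-057-04"}},
 "product_tree": {"branches": [{"category": "vendor", "name": "EV2GO", "branches": [
   {"category": "product_name", "name": "PLACEHOLDER-station",
    "product": {"product_id": "CSAFPID-0001", "name": "PLACEHOLDER-station"}},
   {"category": "product_name", "name": "PLACEHOLDER-backend",
    "product": {"product_id": "CSAFPID-0002", "name": "PLACEHOLDER-backend"}}]}]},
 "vulnerabilities": [
   {"title": "PLACEHOLDER weakness, no CVE assigned",
    "product_status": {"known_affected": ["CSAFPID-0001", "CSAFPID-0002"]},
    "scores": [{"products": ["CSAFPID-0001"], "cvss_v3": {"baseScore": 9.0}}],
    "remediations": [{"category": "mitigation", "details": "PLACEHOLDER text",
                      "product_ids": ["CSAFPID-0001"]}]}]}
""")

def product_names(node, out=None):
    """Recursively map product_id -> name across nested product_tree branches."""
    out = {} if out is None else out
    for p in node.get("full_product_names", []):
        out[p["product_id"]] = p["name"]
    for b in node.get("branches", []):
        if "product" in b:
            out[b["product"]["product_id"]] = b["product"]["name"]
        product_names(b, out)
    return out

def triage(doc, inventory):
    """List known_affected entries whose product name is in the local inventory."""
    names = product_names(doc.get("product_tree", {}))
    findings = []
    for v in doc.get("vulnerabilities", []):
        for pid in v.get("product_status", {}).get("known_affected", []):
            if names.get(pid) not in inventory:
                continue
            scores = [s["cvss_v3"]["baseScore"] for s in v.get("scores", [])
                      if pid in s.get("products", []) and "cvss_v3" in s]
            fixes = [f'{r["category"]}: {r.get("details", "")}'
                     for r in v.get("remediations", []) if pid in r.get("product_ids", [])]
            findings.append({"advisory": doc["document"]["tracking"]["id"],
                             # CVE may be absent; fall back to the vulnerability title
                             "vuln": v.get("cve") or v.get("title", "untitled"),
                             "product": names[pid], "cvss": max(scores, default=None),
                             "remediations": fixes})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE, {"PLACEHOLDER-station"}):
        print(f)
```

An affected product with no score or remediation entry comes back with `cvss` set to `None` and an empty remediation list, which marks it for manual follow-up rather than dropping it.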

CISA will continue to provide updates as more information becomes available. Organizations are encouraged to subscribe to CISA’s ICS advisories for real-time alerts on emerging threats to operational technology and critical infrastructure.


For further details, refer to the original CISA advisory (ICSA-26-057-04).
