CVE-2026-44383
HIGH
7.5
CVSS 3.1
Description
Multiple connections to the backend using the same charging station ID
are allowed, which could allow an attacker to deploy multiple instances
of malicious OCPP clients to overwhelm the backend.
Metadata
Severity & Metrics
7.5
HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Hydro-Québec | Le Circuit Electrique charging station backend | — | 0 < June_2026 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-613 | cna | CWE-613 |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 8.7 | HIGH | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| 7.5 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (3)