Back to overview

CVE-2026-44383

HIGH
7.5
CVSS 3.1
Description
Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend.

Metadata

CVE ID
CVE-2026-44383
State
PUBLISHED
Assigner
icscert
Reserved
2026-05-07 16:55 UTC
Published
2026-07-10 22:11 UTC
Last updated
2026-07-10 22:11 UTC
Primary CWE
CWE-613
CWE-613
Vendor / Product
Hydro-Québec / Le Circuit Electrique charging station backend
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products (1)
VendorProductPlatformVersions
Hydro-Québec Le Circuit Electrique charging station backend 0 < June_2026
Weakness (CWE)
CWESourceDescription
CWE-613 cna CWE-613
CVSS scores (2)
ScoreSeverityVersionSourceVector
8.7 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
7.5 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Back to overview