Search Results (13 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22537 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-01-08 | N/A |
| The lack of system hardening allows the user account used to manage and maintain the charger to read various files containing clear-text credentials or other information valuable to an attacker. | ||||
| CVE-2026-22542 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-01-08 | N/A |
| An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service. | ||||
| CVE-2026-22543 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-01-08 | N/A |
| The credentials required to access the device's web server are sent base64-encoded within the HTTP headers. Because base64 is a reversible encoding and not encryption, an attacker could intercept the web request handling the login and obtain the credentials. | ||||
| CVE-2026-22539 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-01-08 | N/A |
| As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6. | ||||
| CVE-2026-22535 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-01-08 | N/A |
| An attacker with the ability to interact through the network and with access credentials could, because the MQTT communications protocol is unsecured (unencrypted), write to the server topics of the board that controls the MQTT communications. | ||||
| CVE-2026-22540 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-01-08 | N/A |
| Sending a large volume of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. This board must be operating correctly for the charger to also function correctly. | ||||
| CVE-2026-22541 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-01-08 | N/A |
| Sending a large volume of ICMP requests causes a denial of service on one of the boards of the EV charger that allows control of the EV interfaces. This board must be operating correctly for the charger to also function correctly. | ||||
| CVE-2023-6689 | 1 Efacec | 2 Bcu 500, Bcu 500 Firmware | 2024-11-21 | 8.2 High |
| A successful CSRF attack could force the user to perform state-changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application. | ||||
| CVE-2023-50707 | 1 Efacec | 2 Bcu 500, Bcu 500 Firmware | 2024-11-21 | 9.6 Critical |
| Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. | ||||
| CVE-2023-50706 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-11-21 | 4.1 Medium |
| A user without administrator permissions with access to the UC500 Windows system could perform a memory dump of the running processes and extract clear-text credentials or valid session tokens. | ||||
| CVE-2023-50705 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-11-21 | 5.3 Medium |
| An attacker could create malicious requests to obtain sensitive information about the web server. | ||||
| CVE-2023-50704 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-11-21 | 4.3 Medium |
| An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users. | ||||
| CVE-2023-50703 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-11-21 | 6.3 Medium |
| An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. | ||||