{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25192", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-03-12T16:52:46.488Z", "datePublished": "2026-03-20T22:42:14.820Z", "dateUpdated": "2026-03-23T14:15:57.579Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-03-20T22:42:14.820Z"}, "title": "CTEK Chargeportal Missing Authentication for Critical Function", "datePublic": "2026-03-19T16:18:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306", "type": "CWE"}]}], "affected": [{"vendor": "CTEK", "product": "Chargeportal", "versions": [{"status": "affected", "version": "All versions", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging\ninfrastructure, and corruption of charging network data reported to the backend.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging<br>infrastructure, and corruption of charging network data reported to the backend."}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-06"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-06.json"}, {"url": "https://www.ctek.com/support"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "baseSeverity": "CRITICAL", "baseScore": 9.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"}}], "workarounds": [{"lang": "en", "value": "CTEK will be sunsetting this product in April 2026. Please contact CTEK for more information\u00a0 https://www.ctek.com/support .", "supportingMedia": [{"type": "text/html", "base64": false, "value": "CTEK will be sunsetting this product in April 2026. Please contact CTEK for more information&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ctek.com/support\">https://www.ctek.com/support</a>."}]}], "credits": [{"lang": "en", "value": "Khaled Sarieddine and Mohammad Ali Sayed reported this vulnerability to CISA.", "type": "finder"}], "source": {"advisory": "ICSA-26-078-06", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T14:15:49.024960Z", "id": "CVE-2026-25192", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:15:57.579Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25192", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T14:15:49.024960Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:15:54.581Z"}}], "cna": {"title": "CTEK Chargeportal Missing Authentication for Critical Function", "source": {"advisory": "ICSA-26-078-06", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Khaled Sarieddine and Mohammad Ali Sayed reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "CTEK", "product": "Chargeportal", "versions": [{"status": "affected", "version": "All versions", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-19T16:18:00.000Z", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-06"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-06.json"}, {"url": "https://www.ctek.com/support"}], "workarounds": [{"lang": "en", "value": "CTEK will be sunsetting this product in April 2026. Please contact CTEK for more information\u00a0 https://www.ctek.com/support .", "supportingMedia": [{"type": "text/html", "value": "CTEK will be sunsetting this product in April 2026. Please contact CTEK for more information&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ctek.com/support\">https://www.ctek.com/support</a>.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging\ninfrastructure, and corruption of charging network data reported to the backend.", "supportingMedia": [{"type": "text/html", "value": "WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging<br>infrastructure, and corruption of charging network data reported to the backend.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-03-20T22:42:14.820Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25192", "state": "PUBLISHED", "dateUpdated": "2026-03-23T14:15:57.579Z", "dateReserved": "2026-03-12T16:52:46.488Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2026-03-20T22:42:14.820Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ctek:charge_portal:-:*:*:*:*:*:*:*", "matchCriteriaId": "C757F5E2-F4E7-464D-9184-BD665287E411", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging\ninfrastructure, and corruption of charging network data reported to the backend."}, {"lang": "es", "value": "Los puntos finales WebSocket carecen de mecanismos de autenticaci\u00f3n adecuados, lo que permite a los atacantes realizar suplantaci\u00f3n de estaci\u00f3n no autorizada y manipular datos enviados al backend. Un atacante no autenticado puede conectarse al punto final WebSocket OCPP utilizando un identificador de estaci\u00f3n de carga conocido o descubierto, luego emitir o recibir comandos OCPP como un cargador leg\u00edtimo. Dado que no se requiere autenticaci\u00f3n, esto puede llevar a la escalada de privilegios, control no autorizado de la infraestructura de carga y corrupci\u00f3n de los datos de la red de carga informados al backend."}], "id": "CVE-2026-25192", "lastModified": "2026-05-06T15:19:41.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.5, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-03-20T23:16:42.780", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-06.json"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource", "Third Party Advisory"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-06"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://www.ctek.com/support"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Chargeportal", "source": "cna", "vendor": "CTEK"}, "product": "chargeportal", "vendor": "ctek"}], "analysis": {"en": {"generated_at": "2026-03-20T23:21:13.658796+00:00", "value": {"mitigation_remediation": ["Disable or remove the Chargeportal from active deployment.", "Contact CTEK support for end\u2011of\u2011life transition and replacement options.", "Restrict network access to the OCPP WebSocket endpoint to trusted IP ranges.", "Monitor system logs for suspicious WebSocket connections and OCPP command activity."], "summary": {"action": "Disable", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is CTEK Chargeportal. Specific version information is not provided in the public disclosure. The vendor has announced that the product will be sunset in April\u00a02026, indicating that no active maintainer will provide a fix or update for the current release.", "description_and_impact": "A vulnerability in the CTEK Chargeportal\u2019s WebSocket endpoints allows an attacker to connect without authentication. By using a known or discovered charging\u2011station identifier, an unauthenticated user can impersonate a legitimate station and issue OCPP commands to the backend. The lack of access control permits privilege escalation, unauthorized control of charging infrastructure, and corruption of data that the backend reports. This defect corresponds to CWE-306, reflecting missing authentication.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 9.3, signifying critical impact. Although the EPSS score is not available, the absence of authentication on a network\u2011exposed WebSocket endpoint strongly suggests a high likelihood of exploitation. The vendor has not listed this issue in the CISA KEV catalog, but the scenario permits remote attackers to execute arbitrary commands, disrupt operations, and manipulate billing or monitoring data. The attack vector is inferred to be remote over the network, requiring only knowledge of a station identifier to take advantage of the vulnerability."}}}}, "created": "2026-03-23T09:52:19.555419+00:00", "updated": "2026-03-25T14:34:11.748809+00:00", "vendors": ["ctek", "ctek$PRODUCT$chargeportal"]}