CVE-2026-27767 in swtchenergyinfo

Summary

by MITRE • 02/27/2026

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.


Analysis

by VulDB Data Team • 03/06/2026

This vulnerability resides within WebSocket endpoints that serve as communication channels for charging stations in electric vehicle infrastructure, specifically within the Open Charge Point Protocol (OCPP) framework. The flaw represents a critical authentication failure that directly violates security principles governing access control and identity verification. The vulnerability stems from the absence of mandatory authentication mechanisms at the WebSocket endpoint level, creating a pathway for malicious actors to establish connections without proper authorization. This authentication bypass allows attackers to leverage known or discovered charging station identifiers to impersonate legitimate devices within the network infrastructure.

The technical implementation of this vulnerability manifests through the OCPP WebSocket protocol's failure to validate client identities before establishing communication sessions. Attackers can exploit this weakness by connecting to the WebSocket endpoint using any valid charging station identifier, effectively bypassing the normal authentication flow that should occur during the initial connection handshake. This flaw enables unauthorized access to the backend systems that process charging station communications, allowing attackers to send and receive OCPP commands as if they were legitimate charging infrastructure components. The vulnerability operates at the application layer and directly impacts the integrity and confidentiality of data exchanged between charging stations and backend management systems.

The operational impact of this vulnerability extends far beyond simple unauthorized access, creating a comprehensive threat vector that can compromise entire charging networks. An attacker with access to a valid charging station identifier can manipulate charging session data, alter billing information, and potentially gain control over charging infrastructure operations. This capability enables privilege escalation scenarios where attackers can move laterally within the network, accessing systems that should only be reachable by authorized administrators. The vulnerability also poses significant risks to data integrity, as malicious actors can corrupt charging network data reported to backend systems, potentially leading to financial losses, operational disruptions, and compromised safety protocols within charging infrastructure.

This vulnerability aligns with CWE-306, which describes "Missing Authentication for Critical Function" and maps to multiple ATT&CK techniques including T1078 for valid accounts and T1566 for credential harvesting. The attack surface is particularly concerning for critical infrastructure environments where charging networks form part of larger smart grid systems. Organizations should implement mandatory authentication mechanisms using secure token-based systems or certificate-based authentication to prevent unauthorized access. Network segmentation and monitoring of WebSocket traffic can help detect anomalous connection patterns. Additionally, regular credential rotation and implementation of multi-factor authentication for administrative access to backend systems will significantly reduce the risk of exploitation. The vulnerability underscores the importance of applying defense-in-depth strategies to protect critical infrastructure components and maintain the integrity of communication protocols within industrial control systems.
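The token-based option recommended above can be enforced at the point the analysis identifies, the WebSocket upgrade handshake. The following is an added example, not code from the affected product or from this entry: it assumes HTTP Basic credentials with the station identifier as username, a URL layout of `/ocpp/<station-id>`, and a constructed in-memory key store; all function and variable names are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed sample store: station id -> SHA-256 of its per-station secret.
# A production store would hold a salted, slow hash provisioned per charger.
STATION_KEYS = {
    "CP-0001": hashlib.sha256(b"constructed-secret-1").hexdigest(),
}

def basic_header(station_id, secret):
    """Build the Authorization value a provisioned charger would send."""
    raw = f"{station_id}:{secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def station_id_from_path(path):
    """Assumed URL layout /ocpp/<station-id>: return the last path segment."""
    return path.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]

def authorize_upgrade(path, headers, keys=STATION_KEYS):
    """Run before accepting the WebSocket upgrade (over TLS).

    headers: dict with canonical header names. Returns (status, reason);
    only 101 lets the handshake continue, anything else is refused.
    """
    station_id = station_id_from_path(path)
    scheme, _, encoded = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return 401, "missing credentials"
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True)
    except ValueError:
        return 401, "malformed credentials"
    username, sep, password = decoded.partition(b":")
    if not sep:
        return 401, "malformed credentials"
    # Bind the credential to the identity claimed in the URL, so knowing
    # a station identifier alone is not enough to open a session as it.
    if username.decode("utf-8", "replace") != station_id:
        return 401, "identity mismatch"
    expected = keys.get(station_id)
    presented = hashlib.sha256(password).hexdigest()
    # Compare even for unknown stations so timing does not reveal which
    # identifiers exist.
    matches = hmac.compare_digest(presented, expected or "0" * 64)
    if expected is None or not matches:
        return 401, "invalid credentials"
    return 101, "ok"
```

Logging every non-101 result together with the source address gives the WebSocket monitoring mentioned above a concrete signal for identifier guessing.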

Responsible: Icscert

Reservation: 02/24/2026

Disclosure: 02/27/2026

Moderation: accepted

CPE: ready

EPSS: 0.00197

KEV: no

Activities: very low
