Risk Summary
Successful exploitation of these vulnerabilities could lead to degraded service, a denial of service, or unauthorized remote command execution, which could in turn lead to spoofing or manipulation of charging station statuses.
CVEs (3)
Remediations
- CVE-2025-54816: EVMAPA informed CISA some of their charging stations do not allow changes to the authorization key using the Open Charge Point Protocol (OCPP). Currently, charge point operators have the option to connect stations using WebSocket Secure (WSS), and EVMAPA connects stations they supply via their own VPN. For OCPP 2.x and newer stations, EVMAPA plans to implement BASIC authorization control.
- CVE-2025-53968: EVMAPA did not release a statement regarding this vulnerability. Contact EVMAPA directly for more information.
- CVE-2025-55705: EVMAPA informed CISA they have resolved this issue and do not allow simultaneous connection of charging stations with the same CBID.
Affected Vendors
EVMAPA
Affected Products (1)
- EVMAPA · EVMAPA, vers:all/*
Affected Sectors
Transportation Systems