SWTCH EV swtchenergy.com (Update A)

Risk Summary

Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial-of-service, and manipulate data sent to the backend.

CVEs (4)

Remediations

• SWTCH Energy has applied configuration changes to enforce security checks for initial connections from untrusted chargers. All initially onboarded devices and newly established connections are subject to the additional scrutiny related to authentication, connection-control, and ingress-protection requirements.
• For some existing chargers in the field, full enforcement remains dependent on device-specific constraints, including legacy firmware limitations and SSL/TLS compatibility issues. Where technically supported, affected chargers will be upgraded to align fully with the updated security policy.
• SWTCH applies compensating controls to all connection attempts, including monitoring and targeted network-level restrictions such as IP-based access controls, to reduce exposure while upgrade or retirement activities are completed.
• Refer to the SWTCH Security portal for additional information here: https://swtchenergy.com/security/.
• Contact SWTCH EV using their contact page for further assistance here: https://swtchenergy.com/contact/.

Affected Vendors

Affected Products (1)

Affected Sectors

Energy, Transportation Systems