SWITCH EV swtchenergy.com

Act Now9.4ICS-CERT ICSA-26-057-06Feb 26, 2026

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SWITCH EV swtchenergy.com contains multiple critical authentication and session management vulnerabilities (CWE-306, CWE-307, CWE-613, CWE-522). These flaws allow attackers to impersonate charging stations, hijack user sessions, suppress or misroute traffic, and manipulate backend data. The vendor did not respond to CISA coordination efforts.

What this means

What could happen

An attacker could impersonate EV charging infrastructure, intercept and redirect driver sessions, or cause denial of service on the charging network. They could also alter transaction data sent to billing and backend systems, potentially affecting charging operations and revenue collection.

Who's at risk

This affects EV charging network operators and transportation authorities that deploy SWITCH EV charging stations. Any organization using swtchenergy.com infrastructure for EV fleet charging or public charging networks is at risk of service disruption and data manipulation.

How it could be exploited

An attacker with network access to the charging station communication protocol can exploit weak authentication (CWE-306) and missing session protections (CWE-307) to spoof a legitimate charging station or intercept driver sessions. With compromised session tokens, they can inject commands to the backend or redirect charging traffic to attacker-controlled infrastructure, disrupting EV charging services at scale.

Prerequisites

Network reachability to charging station or cloud backend communication
No valid credentials required—vulnerabilities exist in unauthenticated or weakly authenticated entry points

Remotely exploitableNo authentication requiredLow complexity attackNo patch availableAffects transportation infrastructureHigh CVSS (9.4)

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

swtchenergy.com: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/6

Do now

0/4

WORKAROUNDContact SWITCH EV immediately via https://swtchenergy.com/contact/ to request security patches or guidance on compensating controls

HARDENINGImplement network segmentation to restrict charging station communication to internal, monitored networks only; isolate backend systems from direct internet exposure

HARDENINGDeploy network intrusion detection/prevention (IDS/IPS) rules to monitor for anomalous charging station impersonation patterns or session hijacking attempts

HARDENINGEnable TLS/SSL encryption and certificate pinning for all charging station-to-backend communication if not already in place

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGImplement mutual authentication (mTLS) and device certificate validation to verify legitimate charging stations

HARDENINGMonitor transaction logs and session audit trails for signs of data manipulation or unauthorized access

CVEs (4)

CVE-2026-27767 CVE-2026-25113 CVE-2026-25778 CVE-2026-27773

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/968faae9-286d-4ccc-80b0-6a6023515357