SWITCH EV swtchenergy.com
Multiple critical vulnerabilities in SWITCH EV charging station management platform affect authentication, session handling, and data integrity. Attackers can impersonate charging stations to hijack sessions, suppress or misroute traffic causing denial of service, and manipulate transaction data sent to the backend. The vulnerabilities stem from insufficient security validation (CWE-306), weak session mechanisms (CWE-307), insufficient HTTPS enforcement (CWE-613), and inadequate credential protection (CWE-522). The vendor did not respond to CISA coordination requests.
- Network access to the SWITCH EV platform
- No valid credentials required for initial exploitation
- Ability to intercept or forge network traffic
Patching may require device reboot — plan for process interruption
/api/v1/advisories/968faae9-286d-4ccc-80b0-6a6023515357Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.