proper authentication, which could lead to privilege escalation.
No analysis available yet.
Vendor Solution
Hydro-Québec has updated the majority of charging stations to disable OCPP, mitigating the risk of exploitation. Hydro-Québec has also implemented authentication systems to mitigate the issue for certain charging stations which are still reliant on OCPP. Contact Hydro-Québec with any additional questions.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation. | |
| Title | Hydro-Québec Le Circuit Electrique charging station backend Improper Access Control | |
| Weaknesses | CWE-284 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2026-07-10T22:07:23.971Z
Reserved: 2026-01-27T23:33:47.834Z
Link: CVE-2026-20744
No data.
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-284
Improper Access Control