Description
The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.
Published: 2026-01-07
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service on EV charger control board
Action: Patch
AI Analysis

Impact

Large volumes of ARP requests overwhelm the control board of the charger, causing a denial of service that prevents the charger from functioning and disables EV interface control. The flaw is a failure to limit flood traffic, recorded as CWE-400 (uncontrolled resource consumption). The resulting loss is a disruption of the charger's availability.

Affected Systems

EFACEC QC60, QC90, and QC120 charger models are affected. No specific firmware or hardware revision details were provided, so all variants of these models and their associated control boards may be impacted.

Risk and Exploitability

The CVSS score of 9.2 indicates a critical impact, but the EPSS score of less than 1% suggests an exceedingly low likelihood of exploitation in the wild. The vulnerability is not listed in the KEV catalog. The attack vector is inferred to be network-based, requiring an adversary to send large volumes of ARP traffic to the charger, likely from a position on the same local network or from a compromised device. Once an attacker can flood the board, the charger becomes inoperable, affecting availability for all connected vehicles.

Generated by OpenCVE AI on April 18, 2026 at 08:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor‑supplied firmware update that includes ARP packet filtering or rate limiting once one is available.
  • Configure network devices (switches or firewalls) to detect and mitigate ARP flood traffic, for example by limiting ARP request rates or blocking excessive ARP traffic toward the charger.
  • Segregate the charger’s network segment from untrusted or guest networks and monitor for anomalous ARP activity to detect potential attack attempts.

Advisories

No advisories yet.

History

Thu, 08 Jan 2026 10:00:00 +0000

Type: First Time appeared
Values Added: Efacec; Efacec qc 120; Efacec qc 60; Efacec qc 90

Type: Vendors & Products
Values Added: Efacec; Efacec qc 120; Efacec qc 60; Efacec qc 90

Wed, 07 Jan 2026 15:15:00 +0000

Type: Description
Values Removed: The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly, the denial of service (DoS) results in a restart of the charger functionalities
Values Added: The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.

Type: Metrics
Values Added: ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 07 Jan 2026 14:30:00 +0000

Type: Description
Values Added: The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly, the denial of service (DoS) results in a restart of the charger functionalities

Type: Title
Values Added: DENIAL OF SERVICE VIA ARP PACKETS

Type: Weaknesses
Values Added: CWE-400

Type: References

Type: Metrics
Values Added: cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H'}


MITRE

Status: PUBLISHED

Assigner: S21sec

Published:

Updated: 2026-01-07T15:02:48.203Z

Reserved: 2026-01-07T14:01:04.829Z

Link: CVE-2026-22540

Vulnrichment

Updated: 2026-01-07T14:32:08.780Z

NVD

Status: Deferred

Published: 2026-01-07T15:15:46.703

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-22540

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T08:15:15Z