Description
The WebSocket backend uses charging station identifiers to uniquely
associate sessions but allows multiple endpoints to connect using the
same session identifier. This implementation results in predictable
session identifiers and enables session hijacking or shadowing, where
the most recent connection displaces the legitimate charging station and
receives backend commands intended for that station. This vulnerability
may allow unauthorized users to authenticate as other users or enable a
malicious actor to cause a denial-of-service condition by overwhelming
the backend with valid session requests.
Published: 2026-02-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Session Hijacking
Action: Contact Vendor
AI Analysis

Impact

The WebSocket backend uses charging station identifiers to bind sessions to specific stations, but the design does not enforce unique session usage. Because session identifiers are predictable and multiple endpoints can connect with the same identifier, an attacker can replay a valid session ID to gain access. This allows the attacker to hijack the active session or shadow the legitimate charging station, thereby receiving commands that were intended for the other station. The weakness is a CWE‑613 defect in session management that permits unauthorized authentication and can lead to denial‑of‑service by flooding the backend with hijacked session requests.

Affected Systems

The affected entity is SWITCH EV from swtchenergy.com. The vulnerability resides in the WebSocket backend that handles charging station sessions. No specific product version information is provided, so any deployment of this backend component may be susceptible.

Risk and Exploitability

With a CVSS score of 6.9 the severity is moderate, and an EPSS score of less than 1% indicates a low likelihood of exploitation. The issue is not currently listed in CISA’s KEV catalog. The likely attack vector is network‑based: an attacker establishes a WebSocket connection to the backend and supplies a predictable session identifier, then hijacks the session or triggers denial‑of‑service by overloading the system with valid session creations.

Generated by OpenCVE AI on April 18, 2026 at 10:20 UTC.

Remediation

Vendor Workaround

SWITCH EV did not respond to CISA's request for coordination. Contact SWITCH EV through their contact page (https://swtchenergy.com/contact/) for more information.


OpenCVE Recommended Actions

  • Contact SWITCH EV via their contact page and request a vendor patch or solution that addresses the insufficient session expiration identified by CWE‑613.
  • Update the backend to enforce unique session usage or enforce session expiration after a single use or after inactivity, following CWE‑613 mitigation guidelines to prevent replay or shadowing of session identifiers.
  • Apply firewall or network segmentation rules to limit WebSocket access solely to trusted networks, thereby reducing the attack surface for hijack or denial‑of‑service attempts.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 20:45:00 +0000

Type: Metrics
Values Added: cvssV4_0
{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


Mon, 02 Mar 2026 21:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 18:30:00 +0000

Type: First Time appeared
Values Added: Swtchenergy; Swtchenergy swtchenergy.com
Type: CPEs
Values Added: cpe:2.3:a:swtchenergy:swtchenergy.com:*:*:*:*:*:*:*:*
Type: Vendors & Products
Values Added: Swtchenergy; Swtchenergy swtchenergy.com

Fri, 27 Feb 2026 09:15:00 +0000

Type: First Time appeared
Values Added: Switch Ev; Switch Ev swtchenergy.com
Type: Vendors & Products
Values Added: Switch Ev; Switch Ev swtchenergy.com

Fri, 27 Feb 2026 00:15:00 +0000

Type: Description
Values Added: The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
Type: Title
Values Added: SWITCH EV swtchenergy.com Insufficient Session Expiration
Type: Weaknesses
Values Added: CWE-613
Type: References
Values Added: (none listed)
Type: Metrics
Values Added: cvssV3_1
{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-05T20:28:34.280Z

Reserved: 2026-02-23T23:48:14.370Z

Link: CVE-2026-25778

Vulnrichment

Updated: 2026-03-02T20:39:45.234Z

NVD

Status : Modified

Published: 2026-02-27T00:16:57.383

Modified: 2026-03-05T21:16:16.397

Link: CVE-2026-25778

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:30:35Z

Weaknesses