to the charging station backend, which could allow an attacker to
execute a denial-of-service attack.
No analysis available yet.
Vendor Solution
Hydro-Québec has updated the majority of charging stations to disable OCPP, mitigating the risk of exploitation. Hydro-Québec has also implemented authentication systems to mitigate the issue for certain charging stations which are still reliant on OCPP. Contact Hydro-Québec with any additional questions.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack. | |
| Title | Hydro-Québec Le Circuit Electrique charging station backend Improper Restriction of Excessive Authentication Attempts | |
| Weaknesses | CWE-307 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2026-07-10T22:09:16.884Z
Reserved: 2026-05-07T16:55:26.126Z
Link: CVE-2026-42952
No data.
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-307
Improper Restriction of Excessive Authentication Attempts