are allowed, which could allow an attacker to deploy multiple instances
of malicious OCPP clients to overwhelm the backend.
No analysis available yet.
Vendor Solution
Hydro-Québec has updated the majority of charging stations to disable OCPP, mitigating the risk of exploitation. Hydro-Québec has also implemented authentication systems to mitigate the issue for certain charging stations which are still reliant on OCPP. Contact Hydro-Québec with any additional questions.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend. | |
| Title | Hydro-Québec Le Circuit Electrique charging station backend Insufficient Session Expiration | |
| Weaknesses | CWE-613 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2026-07-10T22:11:16.866Z
Reserved: 2026-05-07T16:55:26.145Z
Link: CVE-2026-44383
No data.
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-613
Insufficient Session Expiration