You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
ocpp security
About this tag
The ocpp security tag covers vulnerabilities and risks in electric vehicle charging infrastructure that uses the Open Charge Point Protocol (OCPP). Recent discussions focus on CISA-advisory findings for EVMAPA charging stations, which include unauthenticated WebSocket endpoints, brute-force attack surfaces, and session management flaws. These issues are assigned CVE identifiers and classified as high-to-critical risk, potentially enabling denial-of-service, unauthorized remote command execution, or charger status manipulation. The tag is relevant for IT professionals, security researchers, and EV infrastructure operators concerned with OCPP implementation security, authentication gaps, and industrial control system hardening.
EVMAPA’s charging‑station software was publicly flagged in a coordinated CISA advisory that assigns three CVE identifiers — CVE‑2025‑54816, CVE‑2025‑53968 and CVE‑2025‑55705 — and classifies the cluster as a high‑to‑critical risk to EV charging infrastructure because successful exploitation can...