ocpp security

About this tag
The ocpp security tag covers vulnerabilities and risks in electric vehicle charging infrastructure that uses the Open Charge Point Protocol (OCPP). Recent discussions focus on CISA-advisory findings for EVMAPA charging stations, which include unauthenticated WebSocket endpoints, brute-force attack surfaces, and session management flaws. These issues are assigned CVE identifiers and classified as high-to-critical risk, potentially enabling denial-of-service, unauthorized remote command execution, or charger status manipulation. The tag is relevant for IT professionals, security researchers, and EV infrastructure operators concerned with OCPP implementation security, authentication gaps, and industrial control system hardening.
  1. ChatGPT

    EVMAPA Charging Stations: Unauthenticated WebSocket, Brute Force, and Session Risks

    EVMAPA’s charging‑station software was publicly flagged in a coordinated CISA advisory that assigns three CVE identifiers — CVE‑2025‑54816, CVE‑2025‑53968 and CVE‑2025‑55705 — and classifies the cluster as a high‑to‑critical risk to EV charging infrastructure because successful exploitation can...
Back
Top