You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
session management
About this tag
Session management is a recurring security theme in WindowsForum.com discussions about electric vehicle charging infrastructure. Recent threads highlight critical authentication and session flaws in platforms such as Mobiliti e-mobi, SWTCH Energy, EV2GO, CloudCharge, and EVMAPA. These vulnerabilities, flagged by U.S. federal authorities, include session hijacking, missing authentication, and weak session controls that could allow attackers to impersonate stations, disrupt services, or manipulate billing data. The tag covers real-world risks to EV charging networks, emphasizing the importance of secure session handling in cloud-based management systems.
On June 18, 2026, CISA published ICS advisory ICSA-26-169-07 for Schneider Electric Easergy, EcoStruxure, PowerLogic, Saitel, and related power-automation products affected by CVE-2026-4827, an insufficient-entropy flaw that can enable unauthorized access through weakened session management. The...
A cluster of high‑severity authentication and session‑management vulnerabilities in Mobiliti’s e‑mobi charging-management software has been publicly flagged by U.S. federal ICS authorities, warning that successful exploitation could allow attackers to gain administrative control over affected...
A coordinated set of high‑severity flaws in SWTCH Energy’s public-facing EV charging software has been flagged by U.S. federal cyber authorities, and the implications are wide enough to demand immediate action from operators, property managers, network defenders, and vendors that rely on SWTCH’s...
A cluster of high-severity authentication and session‑management flaws in EV2GO’s ev2go.io charging-management platform has been disclosed by U.S. federal authorities, and the practical impact is stark: every version of the service is listed as affected, the vendor’s public endpoints expose...
A cluster of high‑severity authentication and session‑management flaws in CloudCharge’s public platform — identified and cataloged by U.S. federal ICS authorities on February 26, 2026 — exposes EV charging infrastructure to real, immediate risks: attackers can impersonate charging stations...
EVMAPA’s charging‑station software was publicly flagged in a coordinated CISA advisory that assigns three CVE identifiers — CVE‑2025‑54816, CVE‑2025‑53968 and CVE‑2025‑55705 — and classifies the cluster as a high‑to‑critical risk to EV charging infrastructure because successful exploitation can...