A critical authentication failure in EVoke CSMS WebSocket endpoints allows attackers to impersonate charging stations, leading to potential unauthorized access and complete system compromise.

The vulnerability stems from missing authentication mechanisms on WebSocket endpoints. This allows an unauthenticated attacker to inject traffic and impersonate legitimate charging stations, effectively bypassing security controls to execute unauthorized actions.

With a CVSS score of 9.4, this vulnerability represents an extreme risk to the platform's security. Successful exploitation could result in the compromise of the charging infrastructure, unauthorized data access, and potential large-scale operational disruption, severely impacting both business revenue and physical asset security.

Immediate Action: Apply the latest security update provided by EVoke to implement mandatory authentication for all WebSocket communications.

Proactive Monitoring: Monitor WebSocket traffic patterns for anomalous connection requests or suspicious commands originating from unauthorized or unexpected endpoints.

Compensating Controls: Deploy strict network segmentation and egress filtering to limit communication to only known, trusted charging station IP addresses.

Public Exploit Available: False

The high CVSS score underscores the severity of this authentication weakness. Organizations utilizing EVoke CSMS must prioritize this update to prevent unauthorized control over critical infrastructure components.