eMSP and CPOs Could Expose EV Chargers to OCPP Hijacking
It should be explicitly noted that all the described vulnerabilities in this blog were already
eMSP and CPOs Could Expose EV Chargers to OCPP Hijacking
It should be explicitly noted that all the described vulnerabilities in this blog were already
External
Smart Grid Telemetry, Data Key to Securing Distributed Energy Networks
Energy data has a key role in securing and protecting our energy future. As the global shift to decentralized energy networks keeps growing, together with the rising adoption rates of electric vehicles (EVs), cyber adversaries are finding an expanding array of opportunities to attack and exploit the dynamic energy sector.
NIST Cybersecurity Framework for EV Extreme Fast Charging Infrastructure
The Electric Vehicle and Extreme Fast Charging (EV/XFC) networks and infrastructure. The newly officialized framework combines industry standards and best practices for securing the evolving EV charging sites and networks.
ABB Terra AC Improper Authentication Can Lead To EVSE Takeover (CVE 2023-0863 & CVE 2023-0864)
The SaiFlow research team has discovered two vulnerabilities in high severity allowing remote and unauthorized users, within the range of BLE to takeover the EV charger.
The Impact of API Vulnerabilities on CSMS Services & Charging Network Operators – The Use Case of ABB ChargerSync
SaiFlow research team discovered multiple critical vulnerabilities in ChargerSync CSMS allowing adversaries to access customers’ personal information and disrupt charging operations.
May 2023 Security Advisory for ABB Terra AC Charging Station
On May 17, 2023, ABB published an advisory for CVE-2023-0863 & CVE-2023-0864, an Authentication Bypass and Plaintext Communication vulnerabilities…
Free Vending Mode Security Best Practices
Threat actors could abuse Free Vend functionality to perform energy theft by abusing the CSMS of public and private EV fleet charging sites.
NEVI Program Cybersecurity Requirements
Understand NEVI cybersecurity requirements to enhance your offering and maximize your site’s NEVI scoring criteria with Saiflow’s platform.
Hijacking EV Charge Points to Cause DoS
Cyber attackers can disable EV Charge Point and cause DoS, by exploiting Open Charge Point Protocol (OCPP). The attack method combines two new vulnerabilities that were found…