SaiFlow's Blog

Featured

energy network fusion for cybersecurity

Why Contextual Cybersecurity Matters in Energy Networks

Energy networks separate network security data and energy operational data into silos. Security teams see cyber activity, operators see power performance. This division creates blind spots where threats hide until major incidents occur. Protection requires unified visibility.

Latest insights and industry updates

image of a traffic control center (for a mobility and transportation)

The Impact of API Vulnerabilities on CSMS Services & Charging Network Operators – The Use Case of ABB ChargerSync

SaiFlow research team discovered multiple critical vulnerabilities in ChargerSync CSMS allowing adversaries to access customers’ personal information and disrupt charging operations.
image of a traffic control center (for a mobility and transportation)

May 2023 Security Advisory for ABB Terra AC Charging Station

On May 17, 2023, ABB published an advisory for CVE-2023-0863 & CVE-2023-0864, an Authentication Bypass and Plaintext Communication vulnerabilities.
image of a traffic control center (for a mobility and transportation)

Free Vending Mode Security Best Practices

Threat actors could abuse Free Vend functionality to perform energy theft by abusing the CSMS of public and private EV fleet charging sites.
image of a traffic control center (for a mobility and transportation)

NEVI Program Cybersecurity Requirements

Understand NEVI cybersecurity requirements to enhance your offering and maximize your site’s NEVI scoring criteria with Saiflow's platform.
image of a traffic control center (for a mobility and transportation)

How Mishandling of WebSockets Can Cause DoS and Energy Theft

The SaiFlow Research Team recently discovered a flaw in the implementations of management systems for Smart EV charger points (Charging Stations Management Systems – CSMS) allowing attackers to cause Denial of Services (DoS) and perform energy theft.
image of a traffic control center (for a mobility and transportation)

Hijacking EV Charge Points to Cause DoS

Cyber attackers can disable EV Charge Point and cause DoS, by exploiting Open Charge Point Protocol (OCPP). The attack method combines two new vulnerabilities that were found...