CVE-2026-44383
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hydro-Québec | Le Circuit Electrique charging station backend | 0 < June_2026 | affected |
Weaknesses
- CWE-613: CWE-613
References
- https://www.hydroquebec.com/nous-joindre/
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-01
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-188-01.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.