Summary
Successful exploitation of these vulnerabilities could lead to degraded service, a denial-of-service, or unauthorized remote command execution, which could lead to spoofing or a manipulation of charging station statuses.
The following versions of EVMAPA are affected:
- EVMAPA (CVE-2025-54816, CVE-2025-53968, CVE-2025-55705)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.4 | EVMAPA | EVMAPA | Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration |
Background
- Critical Infrastructure Sectors: Transportation Systems
- Countries/Areas Deployed: Czechia, Slovakia
- Company Headquarters Location: Czechia
Vulnerabilities
CVE-2025-54816
This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.
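An added example, not code from EVMAPA or from this advisory: a minimal gate a server could apply to each WebSocket upgrade request, covering the three weakness classes named in the table above (authenticate before upgrading, throttle repeated failures, expire sessions). The station id, credential store, limits and function names are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, time

# Constructed sample store: station id -> SHA-256 of its key. SHA-256 suits
# high-entropy machine keys; human-chosen passwords need a password KDF.
STATIONS = {"CP-0001": hashlib.sha256(b"constructed-sample-secret").hexdigest()}
MAX_FAILURES = 5        # failed attempts allowed per peer inside WINDOW_S
WINDOW_S = 300
SESSION_TTL_S = 3600    # connections older than this must re-authenticate
_failures = {}          # peer address -> timestamps of recent failures


def _basic_credentials(headers):
    """Return (user, password) from an HTTP Basic Authorization header, or None."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not blob:
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode()
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authorize_upgrade(headers, peer, now=None):
    """Status for a WebSocket upgrade request: 101 accept, 401 reject, 429 throttle."""
    now = time.time() if now is None else now
    recent = [t for t in _failures.get(peer, []) if now - t < WINDOW_S]
    _failures[peer] = recent
    if len(recent) >= MAX_FAILURES:
        return 429                      # throttled before credentials are examined
    creds = _basic_credentials(headers)
    expected = STATIONS.get(creds[0]) if creds else None
    supplied = hashlib.sha256(creds[1].encode()).hexdigest() if creds else ""
    # Compare even for unknown ids so timing does not reveal which ids exist.
    matches = hmac.compare_digest(supplied, expected or "0" * 64)
    if expected is None or not matches:
        recent.append(now)
        return 401                      # missing or wrong credentials: no upgrade
    return 101


def session_expired(established_at, now):
    """True when a connection has outlived SESSION_TTL_S and must be closed."""
    return now - established_at >= SESSION_TTL_S
```
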
Affected Products
| Vendor | Product | Version | Status |
|---|---|---|---|
| EVMAPA | EVMAPA | EVMAPA EVMAPA: vers:all/* | known_affected |
Remediations
Vendor fix
CVE-2025-54816: EVMAPA informed CISA some of their
[…]