PatchSiren


CVE-2026-27773 SWTCH EV CVE debrief

CVE-2026-27773 is a medium-severity exposure affecting SWTCH EV charging infrastructure, where authentication identifiers are publicly accessible via web-based mapping platforms. The main risk is reconnaissance: exposed identifiers can help an attacker identify and target charging assets, even if the advisory does not describe direct code execution or confirmed compromise. CISA published the advisory on 2026-02-26 and updated it on 2026-05-14 to adjust vendor spelling and add mitigations provided by SWTCH.

Vendor: SWTCH EV
Product: SWTCH EV swtchenergy.com vers:all/*
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-26
Original CVE updated: 2026-05-14
Advisory published: 2026-02-26
Advisory updated: 2026-05-14

Who should care

Operators and owners of SWTCH EV charging stations, EV charging infrastructure administrators, site reliability teams, and security teams responsible for OT/edge-connected equipment should review this advisory. Organizations that rely on mapping or discovery services for charger visibility should also verify what authentication-related identifiers are exposed publicly.

Technical summary

The advisory states that charging station authentication identifiers are publicly accessible through web-based mapping platforms. That exposure suggests an information-disclosure weakness rather than a direct device takeover path. CISA’s revision history says Update A added mitigations from SWTCH: configuration changes for initial connections from untrusted chargers, additional scrutiny for onboarding and new connections, and compensating monitoring and IP-based restrictions. It also notes that some existing chargers may remain limited by legacy firmware or SSL/TLS compatibility constraints.

Defensive priority

Moderate. The issue is externally observable and can assist targeting, but the advisory does not indicate active exploitation or KEV listing. Prioritize exposure review and mitigation for internet-reachable or publicly indexed charger data, especially where legacy devices or compatibility constraints may limit immediate enforcement.

Recommended defensive actions

  • Review whether charger authentication identifiers or related metadata are exposed through public mapping or discovery platforms.
  • Apply SWTCH-provided mitigations and configuration changes intended to enforce stronger checks for initial connections from untrusted chargers.
  • Validate that newly onboarded and newly connected devices are subject to the updated authentication, connection-control, and ingress-protection requirements.
  • For deployed chargers with legacy firmware or SSL/TLS compatibility limitations, assess upgrade feasibility or retirement timelines.
  • Use compensating controls such as monitoring and IP-based access restrictions to reduce exposure during remediation.
  • Refer to the SWTCH Security portal for vendor guidance and remediation details.
  • Coordinate with SWTCH support if your environment cannot fully enforce the updated security policy because of device-specific constraints.
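
One way to implement the compensating monitoring and IP-based restriction check, shown as an added example that is not taken from the CISA advisory or from SWTCH. The log layout, the charger identifiers and the per-charger network allowlist are all constructed assumptions; the point is that a publicly visible identifier should not be trusted on its own, so each connection is also checked against where that charger is expected to connect from.

```python
import ipaddress

# Constructed inventory (assumption): identifier -> networks the charger should use.
INVENTORY = {
    "CHG-0001": ["203.0.113.0/28"],
    "CHG-0002": ["198.51.100.16/29"],
}

# Constructed connection log (assumption): (timestamp, identifier presented, source IP).
SAMPLE_LOG = [
    ("2026-05-20T10:00:00", "CHG-0001", "203.0.113.5"),
    ("2026-05-20T10:01:00", "CHG-0002", "198.51.100.18"),
    ("2026-05-20T10:02:00", "CHG-0001", "192.0.2.77"),
    ("2026-05-20T10:03:00", "CHG-9999", "192.0.2.80"),
    ("2026-05-20T10:04:00", "CHG-0002", "198.51.100.19"),
]


def review_connections(log, inventory):
    """Return (timestamp, identifier, ip, reason) for connections needing review."""
    allowed = {
        cid: [ipaddress.ip_network(net) for net in nets]
        for cid, nets in inventory.items()
    }
    first_source = {}  # identifier -> first allowlisted source IP observed
    findings = []
    for ts, cid, ip in log:
        addr = ipaddress.ip_address(ip)
        if cid not in allowed:
            # Identifier was never onboarded: treat as an untrusted charger.
            findings.append((ts, cid, ip, "unknown-identifier"))
        elif not any(addr in net for net in allowed[cid]):
            # Valid identifier presented from a network the charger does not use.
            findings.append((ts, cid, ip, "source-outside-allowlist"))
        elif first_source.setdefault(cid, ip) != ip:
            # Allowlisted, but the source differs from the one first observed.
            findings.append((ts, cid, ip, "source-changed"))
    return findings


if __name__ == "__main__":
    for finding in review_connections(SAMPLE_LOG, INVENTORY):
        print(*finding)
```

The "source-changed" reason will be noisy for chargers behind rotating NAT pools, so treat it as a review signal rather than a block rule.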

Evidence notes

Primary evidence comes from the CISA CSAF advisory ICSA-26-057-06 / CVE-2026-27773, which explicitly says charging station authentication identifiers are publicly accessible via web-based mapping platforms. The advisory’s Update A revision history states that mitigations were added by SWTCH and that the vendor name was adjusted for accuracy. The provided advisory references include the official CISA advisory page and general CISA ICS guidance resources.

Official resources

CISA published the advisory and CVE on 2026-02-26 and updated it on 2026-05-14 (Update A). The source indicates the update added mitigations from SWTCH and corrected vendor spelling. No KEV entry is provided in the supplied corpus.