PatchSiren

Hydro-Québec CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Hydro-Québec CVE published 2026-07-10

CVE-2026-44383

CVE-2026-44383 is a high-severity vulnerability with a CVSS score of 8.7. Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend. This vulnerability affects organizations using charging stations and OCPP clients. The CVE record was published on 2026-07-10T23:16:48.343Z [truncated]

HIGH Hydro-Québec CVE published 2026-07-10

CVE-2026-42952

A high-severity vulnerability, CVE-2026-42952, was found in an unknown vendor's charging station backend. The issue allows an attacker to execute a denial-of-service attack due to a lack of throttling on repeated authentication attempts. The CVE record was published on 2026-07-10T23:16:48.203Z and has not been modified since then. This vulnerability is categorized under CWE-307 and has a CVSS score of 8.7 [truncated]