CISA’s CSAF advisory describes a session-management weakness in IGL-Technologies eParking.fi where charging-station identifiers are used to associate WebSocket sessions, but multiple endpoints can connect with the same session identifier. In practice, that makes session assignment predictable and can let a later connection displace the legitimate station, causing commands to be delivered to the wrong endp [truncated]
CVE-2026-31926 is a medium-severity information exposure affecting IGL-Technologies eParking.fi (all versions per the advisory). CISA says charging station authentication identifiers are publicly accessible via web-based mapping platforms. The issue does not describe direct code execution or service takeover, but it can weaken confidentiality and help an attacker identify or target EV charging infrastruct [truncated]
CVE-2026-31903 affects IGL-Technologies eParking.fi and is described by CISA as a lack of restrictions on the number of WebSocket authentication requests. In practical terms, that missing rate limiting can let a remote attacker flood authentication attempts, potentially disrupting charger telemetry or increasing the chance of brute-force access. CISA’s advisory also states that IGL-Technologies updated eP [truncated]
CVE-2026-29796 is a critical authentication weakness in IGL-Technologies eParking.fi that can let an unauthenticated attacker connect to an OCPP WebSocket endpoint, impersonate a charging station, and manipulate backend-facing charger traffic. Because the endpoint accepts a known or discovered station identifier without proper authentication, the impact can include unauthorized control of charging infrast [truncated]
