9.8
CVE-2026-20792
- EPSS 0.48%
- Veröffentlicht 26.02.2026 23:06:29
- Zuletzt bearbeitet 05.03.2026 20:16:12
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginChargemap chargemap.com Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.374 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| ics-cert@hq.dhs.gov | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| ics-cert@hq.dhs.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
https://chargemap.com/en-us/support
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-05
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-05.json