Initialization of a resource with an insecure default in XCharge...

8.6 / 10

HIGH

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access.

AI Analysis

Configuration weakness in XCharge C6 remote management service allows for default administrative credential access

Basic Information

ID CVE-2026-9039

Source icscert

Published May 28, 2026 at 19:07

Affected Product

Vendor XCharge

Product C6

Affected Versions XCharge C6 0

CWE Classification

CWE-1188

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor XCharge

Product XCharge C6

References

www.cisa.gov /news-events/ics-advisories/icsa-26-148-08

{
    "lastseen": "",
    "description": "A configuration weakness in the device\u2019s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access.",
    "published": "2026-05-28T19:07:09.065Z",
    "modified": "2026-05-28T19:07:09.065Z",
    "type": "cve",
    "title": "Initialization of a resource with an insecure default in XCharge C6",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-08",
    "id": "CVE-2026-9039",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1188"
    ],
    "cvelist": null,
    "sourceData": "XCharge C6 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "C6",
    "version": "0",
    "vendor": "XCharge",
    "ai_description": "Configuration weakness in XCharge C6 remote management service allows for default administrative credential access",
    "ai_severity": "High",
    "ai_vendor": "XCharge",
    "ai_product": "XCharge C6",
    "ai_version": "0",
    "ai_score": 8.6
}

Initialization of a resource with an insecure default in XCharge C6_CVE-2026-9039