CVE 9.4 CRITICAL

EVoke Systems EVoke CSMS Missing Authentication for Critical Function_CVE-2026-40702

June 25, 2026 invoker category_cve

9.4 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Description

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.

AI Analysis

Missing authentication for critical function in EVoke CSMS allows attackers to gain unauthorized access to sensitive data or perform unauthorized actions.

Basic Information

ID CVE-2026-40702

Source icscert

Published Jun 25, 2026 at 20:59

Affected Product

Vendor EVoke

Product EVoke CSMS

Version All versions

Affected Versions EVoke EVoke CSMS All versions

CWE Classification

CWE-306

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor EVoke Systems

Product EVoke CSMS

Version All versions

References

{
    "lastseen": "",
    "description": "WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.",
    "published": "2026-06-25T20:59:53.495Z",
    "modified": "2026-06-25T20:59:53.495Z",
    "type": "cve",
    "title": "EVoke Systems EVoke CSMS Missing Authentication for Critical Function",
    "source": "icscert",
    "references": "https://evokesystems.com/contact-us/\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json",
    "id": "CVE-2026-40702",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "EVoke EVoke CSMS All versions",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EVoke CSMS",
    "version": "All versions",
    "vendor": "EVoke",
    "ai_description": "Missing authentication for critical function in EVoke CSMS allows attackers to gain unauthorized access to sensitive data or perform unauthorized actions.",
    "ai_severity": "Critical",
    "ai_vendor": "EVoke Systems",
    "ai_product": "EVoke CSMS",
    "ai_version": "All versions",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply