{“lastseen”:””,”description”:”WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.”,”published”:”2026-06-25T20:59:53.495Z”,”modified”:”2026-06-25T20:59:53.495Z”,”type”:”cve”,”title”:”EVoke Systems EVoke CSMS Missing Authentication for Critical Function”,”source”:”icscert”,”references”:”https:\/\/evokesystems.com\/contact-us\/\\nhttps:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-26-176-02\\nhttps:\/\/github.com\/cisagov\/CSAF\/blob\/develop\/csaf_files\/OT\/white\/2026\/icsa-26-176-02.json”,”id”:”CVE-2026-40702″,”bulletinFamily”:””,”cwe”:[“CWE-306″],”cvelist”:null,”sourceData”:”EVoke EVoke CSMS All versions”,”sourceHref”:””,”cvss”:{“score”:9.4,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:L”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”EVoke CSMS”,”version”:”All versions”,”vendor”:”EVoke”,”ai_description”:”Missing authentication for critical function in EVoke CSMS allows attackers to gain unauthorized access to sensitive data or perform unauthorized actions.”,”ai_severity”:”Critical”,”ai_vendor”:”EVoke Systems”,”ai_product”:”EVoke CSMS”,”ai_version”:”All versions”,”ai_score”:9.4}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,131,12,13,7,11,5],"class_list":["post-65950","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-94","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n