are allowed, which could allow an attacker to deploy multiple instances
of malicious OCPP clients to overwhelm the backend.
Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
Hydro-Québec has updated the majority of charging stations to disable OCPP, mitigating the risk of exploitation. Hydro-Québec has also implemented authentication systems to mitigate the issue for certain charging stations which are still reliant on OCPP. Contact Hydro-Québec with any additional questions.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend. | |
| Title | Hydro-Québec Le Circuit Electrique charging station backend Insufficient Session Expiration | |
| Weaknesses | CWE-613 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2026-07-10T22:11:16.866Z
Reserved: 2026-05-07T16:55:26.145Z
Link: CVE-2026-44383
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-11T03:45:16Z