{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22541", "assignerOrgId": "50b5080a-775f-442e-83b5-926b5ca517b6", "state": "PUBLISHED", "assignerShortName": "S21sec", "dateReserved": "2026-01-07T14:01:04.829Z", "datePublished": "2026-01-07T15:12:42.368Z", "dateUpdated": "2026-01-07T15:29:55.282Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QC 60/90/120", "vendor": "EFACEC", "versions": [{"status": "affected", "version": "8"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Aar\u00f3n Flecha Men\u00e9ndez"}, {"lang": "en", "type": "finder", "value": "Iv\u00e1n Alonso \u00c1lvarez"}, {"lang": "en", "type": "finder", "value": "V\u00edctor Bello Cuevas"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly."}], "value": "The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly."}], "impacts": [{"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.2, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50b5080a-775f-442e-83b5-926b5ca517b6", "shortName": "S21sec", "dateUpdated": "2026-01-07T15:12:42.368Z"}, "references": [{"url": "https://cds.thalesgroup.com/en"}], "source": {"discovery": "UNKNOWN"}, "tags": ["x_DoS", "x_ICMP", "x_ICS", "x_Charger"], "title": "DENIAL OF SERVICE VIA ICMP PACKETS", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-07T15:27:51.618694Z", "id": "CVE-2026-22541", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T15:29:55.282Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22541", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-07T15:27:51.618694Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T15:28:13.448Z"}}], "cna": {"tags": ["x_DoS", "x_ICMP", "x_ICS", "x_Charger"], "title": "DENIAL OF SERVICE VIA ICMP PACKETS", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Aar\u00f3n Flecha Men\u00e9ndez"}, {"lang": "en", "type": "finder", "value": "Iv\u00e1n Alonso \u00c1lvarez"}, {"lang": "en", "type": "finder", "value": "V\u00edctor Bello Cuevas"}], "impacts": [{"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "EFACEC", "product": "QC 60/90/120", "versions": [{"status": "affected", "version": "8"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://cds.thalesgroup.com/en"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.", "supportingMedia": [{"type": "text/html", "value": "The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "50b5080a-775f-442e-83b5-926b5ca517b6", "shortName": "S21sec", "dateUpdated": "2026-01-07T15:12:42.368Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22541", "state": "PUBLISHED", "dateUpdated": "2026-01-07T15:29:55.282Z", "dateReserved": "2026-01-07T14:01:04.829Z", "assignerOrgId": "50b5080a-775f-442e-83b5-926b5ca517b6", "datePublished": "2026-01-07T15:12:42.368Z", "assignerShortName": "S21sec"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly."}, {"lang": "es", "value": "El env\u00edo masivo de solicitudes ICMP causa una denegaci\u00f3n de servicio en una de las placas del EVCharger que permite controlar las interfaces del VE. Dado que la placa debe funcionar correctamente para que el cargador tambi\u00e9n funcione correctamente."}], "id": "CVE-2026-22541", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "50b5080a-775f-442e-83b5-926b5ca517b6", "type": "Secondary"}]}, "published": "2026-01-07T16:15:51.593", "references": [{"source": "50b5080a-775f-442e-83b5-926b5ca517b6", "url": "https://cds.thalesgroup.com/en"}], "sourceIdentifier": "50b5080a-775f-442e-83b5-926b5ca517b6", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "50b5080a-775f-442e-83b5-926b5ca517b6", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T16:54:24.886885+00:00", "value": {"mitigation_remediation": ["Obtain and install any vendor\u2011released update that fixes the ICMP denial of service issue.", "Configure device or network firewalls to rate\u2011limit or block ICMP echo requests and replies reaching the EVCharger boards.", "Segregate the charging station from untrusted networks and apply network segmentation or VLAN isolation to limit the scope of potential ICMP attacks."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Vendors affected are EFACEC\u2019s QC series EVCharger boards, specifically models QC 60, QC 90 and QC 120. These boards manage the interface controlling the electric vehicle charging process. The vulnerability is documented by Thales Group and can be found on the vendor\u2019s site.", "description_and_impact": "The vulnerability arises when an attacker sends a large volume of ICMP packets to an EVCharger board. This flood overwhelms the board\u2019s processing resources and causes the board to become unresponsive, resulting in a denial of service for the electronic vehicle charging operation. The weakness is a classic denial\u2011of\u2011service flaw (CWE\u2011400) that disrupts the availability of the charging service.", "risk_and_exploitability": "Based on the description, the likely attack vector is that an attacker sends ICMP traffic from a network that can reach the charging station. The attack requires no special privileges on the target device and can be launched remotely if ICMP traversal is allowed. The CVSS base score is 8.2, indicating a high\u2011severity impact. The EPSS score is under 1\u202f%, meaning the probability of exploitation in the near term is low, and the vulnerability is not currently listed in CISA\u2019s KEV."}}}}, "created": "2026-01-08T09:48:35.537380+00:00", "updated": "2026-04-18T17:00:05.572584+00:00", "vendors": ["efacec", "efacec$PRODUCT$qc_120", "efacec$PRODUCT$qc_60", "efacec$PRODUCT$qc_90"]}