CVE-2026-22541 Overview
CVE-2026-22541 is a denial of service vulnerability affecting EVCharger infrastructure. The vulnerability allows attackers to disrupt the operation of electric vehicle charging stations by flooding a critical control board with ICMP requests. Since the affected board is responsible for managing EV interfaces, overwhelming it with network traffic renders the entire charging station inoperable.
Critical Impact
Attackers can remotely disable EV charging infrastructure through network-based ICMP flood attacks, potentially affecting critical transportation and energy infrastructure.
Affected Products
- EVCharger control board (interface management component)
- EVCharger infrastructure systems with network-exposed control boards
Discovery Timeline
- 2026-01-07 - CVE-2026-22541 published to NVD
- 2026-01-08 - Last updated in NVD database
Technical Details for CVE-2026-22541
Vulnerability Analysis
This vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption), which occurs when a system fails to properly limit the allocation of resources in response to external input. In this case, the EVCharger control board lacks adequate rate limiting or filtering mechanisms for incoming ICMP traffic.
The control board responsible for managing EV interfaces does not implement sufficient safeguards against high-volume network requests. When an attacker sends a massive number of ICMP echo requests (commonly known as a "ping flood"), the board's resources become exhausted as it attempts to process each incoming packet. This resource exhaustion causes the board to become unresponsive, which cascades into a complete failure of the charging station's ability to communicate with and control EV interfaces.
The network-accessible nature of this vulnerability means that any attacker with network connectivity to the target device can initiate an attack without requiring authentication or special privileges. The attack complexity is relatively low, as standard network tools can generate the required ICMP traffic volume.
Root Cause
The root cause of this vulnerability is uncontrolled resource consumption in the EVCharger control board's network stack. The board lacks proper rate limiting, connection throttling, or ICMP traffic filtering mechanisms that would prevent resource exhaustion under high-volume traffic conditions. This design flaw allows external network traffic to consume all available processing resources, leaving none for legitimate operational functions.
Attack Vector
The attack vector is network-based (AV:N), requiring no authentication (PR:N) and no user interaction (UI:N). An attacker can execute this denial of service attack remotely by directing a flood of ICMP packets at the vulnerable control board. The attack primarily impacts system availability (VA:H), as the control board becomes unable to perform its essential function of managing EV charging interfaces.
The attack methodology involves sending a sustained high volume of ICMP echo requests to the target board's network address. Standard network penetration testing tools and utilities such as hping3, ping with aggressive parameters, or custom scripts can generate the necessary traffic. The board's inability to differentiate between legitimate network management traffic and malicious flood traffic makes it susceptible to complete operational disruption.
Detection Methods for CVE-2026-22541
Indicators of Compromise
- Unusual spike in ICMP traffic volume directed at EVCharger control board IP addresses
- Control board unresponsiveness or intermittent connectivity issues
- Charging station operational failures coinciding with network anomalies
- Network monitoring alerts for high packet-per-second rates targeting specific endpoints
Detection Strategies
- Configure network monitoring tools to alert on ICMP traffic exceeding baseline thresholds
- Implement IDS/IPS rules to detect ICMP flood patterns targeting EVCharger infrastructure
- Monitor control board health status and correlate failures with network traffic analysis
- Deploy network flow analysis to identify sources of anomalous ICMP traffic
Monitoring Recommendations
- Establish baseline ICMP traffic patterns for EVCharger network segments
- Configure real-time alerting for traffic volume anomalies on control board interfaces
- Implement logging of ICMP traffic at network boundaries for forensic analysis
- Monitor charging station availability metrics alongside network performance data
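The threshold alerting described in the detection strategies and monitoring recommendations above can be sketched as a per-board sliding-window counter. This is an added example, not vendor or project code; the record layout, the 50 pps threshold and all addresses are constructed assumptions.

```python
from collections import Counter, deque

ECHO_REQUEST = 8  # ICMP type number for echo request


def detect_icmp_floods(packets, watched, threshold_pps, window=1.0):
    """Flag watched destinations whose echo-request rate exceeds threshold_pps.

    packets: time-ordered (timestamp, src_ip, dst_ip, icmp_type) tuples.
    Returns sorted (dst_ip, first_exceeded_ts, peak_pps, top_source_at_peak).
    """
    recent = {dst: deque() for dst in watched}  # sliding window per board
    alerts = {}
    for ts, src, dst, icmp_type in packets:
        if dst not in recent or icmp_type != ECHO_REQUEST:
            continue
        q = recent[dst]
        q.append((ts, src))
        while ts - q[0][0] >= window:  # expire packets older than the window
            q.popleft()
        pps = len(q) / window
        if pps > threshold_pps:
            first, peak, top = alerts.get(dst, (ts, 0.0, None))
            if pps > peak:  # remember the worst second and who dominated it
                peak, top = pps, Counter(s for _, s in q).most_common(1)[0][0]
            alerts[dst] = (first, peak, top)
    return [(dst, *info) for dst, info in sorted(alerts.items())]


def sample_packets():
    """Constructed records: 1 pps management pings plus one burst."""
    board_a, board_b = "192.0.2.10", "192.0.2.11"  # placeholder board addresses
    mgmt, noisy = "10.0.100.5", "198.51.100.77"    # placeholder sources
    pkts = [(float(t), mgmt, b, ECHO_REQUEST) for t in range(5) for b in (board_a, board_b)]
    pkts += [(2.0 + i * 0.002, noisy, board_b, ECHO_REQUEST) for i in range(400)]
    pkts.append((2.1, noisy, board_b, 3))  # non-echo ICMP, ignored by the detector
    return sorted(pkts)


if __name__ == "__main__":
    for dst, first, peak, src in detect_icmp_floods(
            sample_packets(), {"192.0.2.10", "192.0.2.11"}, threshold_pps=50):
        print(f"ALERT {dst}: >50 pps from t={first:.3f}s, peak {peak:.0f} pps, top source {src}")
```

In practice the threshold would be derived from the baseline measured on the charger segment, and the records would come from flow export or boundary packet logs rather than an inline list.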
How to Mitigate CVE-2026-22541
Immediate Actions Required
- Implement network-level ICMP rate limiting on firewalls and routers protecting EVCharger infrastructure
- Configure access control lists (ACLs) to restrict ICMP traffic to trusted management networks only
- Segment EVCharger control boards onto isolated network segments with strict ingress filtering
- Enable ICMP flood protection features on upstream network devices
Patch Information
Consult the Thales Group Security Resources for official vendor guidance and any available firmware updates addressing this vulnerability. Organizations should check with the EVCharger manufacturer for security patches or firmware updates that implement proper ICMP handling and rate limiting.
Workarounds
- Deploy upstream network filtering to drop excessive ICMP traffic before it reaches control boards
- Implement firewall rules to block ICMP traffic from untrusted network sources
- Consider disabling ICMP echo responses on control boards if not operationally required
- Use network segmentation to isolate charging infrastructure from general network access
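# Example firewall configuration to rate-limit ICMP traffic.
# INPUT filters packets addressed to the host running iptables; on an upstream
# gateway that routes traffic to the control boards, use the FORWARD chain instead.
# Option 1: limit ICMP echo requests to 10 per second with a burst of 20
# (the limit is one shared budget for all sources, not per source)
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/s --limit-burst 20 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
# Option 2 (alternative to option 1): restrict ICMP to the trusted management subnet only.
# Dropping all other ICMP also drops "fragmentation needed" messages used for path MTU discovery.
iptables -A INPUT -p icmp -s 10.0.100.0/24 -j ACCEPT
iptables -A INPUT -p icmp -j DROP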

