CVE-2026-27770: CWE-522 in ePower epower.ie
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
AI Analysis
Technical Summary
CVE-2026-27770 identifies a vulnerability in the ePower epower.ie platform, which manages electric vehicle charging stations. The core issue is that authentication identifiers used to control or access these charging stations are publicly exposed via web-based mapping platforms. This exposure is categorized under CWE-522, indicating insufficient protection of credentials. Because these identifiers are accessible without any authentication or user interaction, attackers can potentially retrieve them remotely over the network. The vulnerability affects all versions of the product, suggesting a systemic design or configuration flaw. The CVSS 3.1 base score of 6.5 reflects a medium severity, with an attack vector over the network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality and integrity but not availability (C:L/I:L/A:N). Although no exploits have been reported in the wild, the exposure of authentication credentials could allow unauthorized access to charging stations, enabling attackers to manipulate charging operations, disrupt service, or gather sensitive operational data. The lack of patches or mitigations currently available increases the urgency for organizations to implement compensating controls. This vulnerability highlights the risks of integrating operational technology with publicly accessible web services without adequate credential protection.
Potential Impact
The vulnerability could lead to unauthorized access to electric vehicle charging stations managed by ePower's epower.ie platform. Attackers obtaining authentication identifiers might manipulate charging sessions, potentially causing financial losses, service disruptions, or unauthorized usage. Confidentiality is impacted as sensitive credentials are exposed, and integrity is at risk due to possible unauthorized control or data tampering. Although availability is not directly affected, indirect impacts such as denial of service through manipulation cannot be ruled out. Organizations operating charging infrastructure could face reputational damage, regulatory scrutiny, and operational challenges. The exposure also raises concerns about the security of critical infrastructure components in the growing electric vehicle ecosystem. Given the global push for EV adoption, the vulnerability could affect a wide range of stakeholders including utilities, charging network operators, and end users.
Mitigation Recommendations
1. Restrict public access to authentication identifiers by removing or securing data exposed on web-based mapping platforms.
2. Implement strong encryption and access controls for all authentication credentials associated with charging stations.
3. Employ network segmentation to isolate charging station management systems from public-facing services.
4. Monitor network traffic and logs for unusual access patterns or attempts to retrieve authentication data.
5. Enforce multi-factor authentication and credential rotation policies where applicable.
6. Collaborate with ePower to obtain updates or patches once available and apply them promptly.
7. Conduct regular security assessments and penetration testing focused on credential exposure and access controls.
8. Educate operational staff on the risks of credential exposure and best practices for secure configuration.
9. Consider deploying anomaly detection systems to identify unauthorized charging station manipulations.
10. Engage with industry groups to share threat intelligence and mitigation strategies related to EV infrastructure security.
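One way an operator could apply recommendation 1 to a map feed they publish, shown as an added example that is not ePower's code: station records are projected onto an allowlist before publication, and an audit reports any key outside that allowlist. The field names (`station_auth_id`, `backend_url`, and the allowlisted keys) and the sample record are assumptions made for illustration, since the advisory does not describe the feed format.

```python
from __future__ import annotations
from typing import Any

# Hypothetical allowlist: the only fields a public map needs to render a pin.
PUBLIC_FIELDS = {"name", "lat", "lon", "connectors", "status"}
PUBLIC_CONNECTOR_FIELDS = {"type", "power_kw", "available"}


def public_view(station: dict[str, Any]) -> dict[str, Any]:
    """Project a backend station record onto the public allowlist."""
    view = {k: v for k, v in station.items() if k in PUBLIC_FIELDS}
    view["connectors"] = [
        {k: v for k, v in c.items() if k in PUBLIC_CONNECTOR_FIELDS}
        for c in station.get("connectors", [])
    ]
    return view


def audit_feed(feed: list[dict[str, Any]]) -> list[str]:
    """Return the path of every non-allowlisted key in a published feed."""
    findings = []
    for i, station in enumerate(feed):
        for key in sorted(station.keys() - PUBLIC_FIELDS):
            findings.append(f"[{i}].{key}")
        for j, conn in enumerate(station.get("connectors", [])):
            for key in sorted(conn.keys() - PUBLIC_CONNECTOR_FIELDS):
                findings.append(f"[{i}].connectors[{j}].{key}")
    return findings


# Constructed backend record. "station_auth_id" stands in for the kind of
# authentication identifier the advisory says was publicly exposed.
BACKEND = [
    {"name": "Depot A", "lat": 53.35, "lon": -6.26, "status": "online",
     "station_auth_id": "EXAMPLE-ID-0001",
     "connectors": [{"type": "CCS", "power_kw": 50, "available": True,
                     "backend_url": "wss://csms.example.invalid/EXAMPLE-ID-0001"}]},
]

if __name__ == "__main__":
    print("raw feed findings:", audit_feed(BACKEND))
    print("projected feed findings:",
          audit_feed([public_view(s) for s in BACKEND]))
```

An allowlist fails closed: a field added to the backend record later stays out of the public feed until someone deliberately lists it, which a denylist of known-sensitive names would not guarantee.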
Affected Countries
United States, Germany, Netherlands, United Kingdom, France, China, South Korea, Japan, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2026-02-24T00:23:47.055Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69aa1962c48b3f10ff8d2b09
Added to database: 3/6/2026, 12:01:38 AM
Last enriched: 3/13/2026, 7:41:14 PM
Last updated: 4/20/2026, 5:24:10 AM