{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T04:51:26.442","vulnerabilities":[{"cve":{"id":"CVE-2024-4622","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2024-05-15T17:15:16.010","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface \nprotected by authentication. If the default credentials are not changed,\n an attacker can use public knowledge to access the device as an \nadministrator."},{"lang":"es","value":"Si están mal configurados, los dispositivos de carga alpitronic Hypercharger EV pueden exponer una interfaz web protegida por autenticación. Si no se cambian las credenciales predeterminadas, un atacante puede utilizar el conocimiento público para acceder al dispositivo como administrador."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-1392"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02","source":"ics-cert@hq.dhs.gov"},{"url":"https://industrydecarbonization.com/news/insecure-password-allowed-administrative-access-to-electric-vehicle-chargers.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}