CVE-2026-9038
Stack-Based Buffer Overflow in Charging Controller Firmware
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the charging controller's signal-processing logic. It occurs because the controller does not properly validate the size of message fields supplied through the charging interface. An attacker with physical access can send message fields that exceed the expected size limits, causing memory corruption.
This memory corruption can lead to the execution of unauthorized code with elevated privileges, meaning the attacker could potentially take control of the device or system.
How can this vulnerability impact me? :
The impact of this vulnerability includes the possibility of an attacker executing unauthorized code with elevated privileges on the affected device. This could lead to full control over the charging controller or the system it is part of.
Because the attacker needs physical access to the charging interface, remote exploitation is not possible, but physical compromise could result in significant security breaches.