CVE-2022-0878

MEDIUM

4.6

Description

Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards.

Details CVE

Score CVSS v3.14.6

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vecteur d'attaquePHYSICAL

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie4/12/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

combined_charging_system_project:combined_charging_systemcombined_charging_system_project:combined_charging_system_firmware

Faiblesses (CWE)

CWE-306CWE-306

References

https://www.brokenwire.fail/(vulnerability@ncsc.ch)

https://www.brokenwire.fail/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.