CVE-2022-0878 — MEDIUM (4.6)

Q: How severe is CVE-2022-0878?

CVE-2022-0878 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-0878?

Check the references section above for vendor advisories and patch information. Affected products include: Combined Charging System Project Combined Charging System Firmware, Combined Charging System Project Combined Charging System.

Vulnerability Description

Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Combined Charging System Project	Combined Charging System Firmware	<= 2.0
Combined Charging System Project	Combined Charging System	-

Related Weaknesses (CWE)

CWE-306

References

https://www.brokenwire.fail/ExploitThird Party Advisory
https://www.brokenwire.fail/ExploitThird Party Advisory

FAQ

What is CVE-2022-0878?

CVE-2022-0878 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equi...

How severe is CVE-2022-0878?

CVE-2022-0878 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-0878?

Check the references section above for vendor advisories and patch information. Affected products include: Combined Charging System Project Combined Charging System Firmware, Combined Charging System Project Combined Charging System.