CVE-2022-0878 (GCVE-0-2022-0878)

Vulnerability from cvelistv5 – Published: 2022-04-12 12:00 – Updated: 2024-09-16 23:40
VLAI
Title
Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service
Summary
Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards.
Severity
4.6 (Medium)
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
References
URL Tags
https://www.brokenwire.fail/ x_refsource_CONFIRM
Impacted products
Vendor Product Version
Combined Charging System Combined Charging System Affected: Current version , ≤ 2.0 (custom)
Create a notification for this product.
Combined Charging System HomePlug GreenPHY Affected: Current version , ≤ 1.1 (custom)
Create a notification for this product.
Date Public
2022-08-01 00:00
Credits
Sebastian Köhler, University of Oxford Richard Baker, University of Oxford Martin Strohmeier, Armasuisse S+T Ivan Martinovic, University of Oxford
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:40:04.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.brokenwire.fail/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Combined Charging System",
          "vendor": "Combined Charging System",
          "versions": [
            {
              "lessThanOrEqual": "2.0",
              "status": "affected",
              "version": "Current version",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "HomePlug GreenPHY",
          "vendor": "Combined Charging System",
          "versions": [
            {
              "lessThanOrEqual": "1.1",
              "status": "affected",
              "version": "Current version",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sebastian K\u00f6hler, University of Oxford"
        },
        {
          "lang": "en",
          "value": "Richard Baker, University of Oxford"
        },
        {
          "lang": "en",
          "value": "Martin Strohmeier, Armasuisse S+T"
        },
        {
          "lang": "en",
          "value": "Ivan Martinovic, University of Oxford"
        }
      ],
      "datePublic": "2022-08-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 \u0026 ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-12T12:00:23.000Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.brokenwire.fail/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service",
      "workarounds": [
        {
          "lang": "en",
          "value": "Using stronger shielded cables and securing the physical paramater might reducing the viability of this attack.\nRight now, the only way to prevent the attack is not to charge on a DC rapid charger."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "Brokenwire",
          "ASSIGNER": "vulnerability@ncsc.ch",
          "DATE_PUBLIC": "2022-08-01T06:41:00.000Z",
          "ID": "CVE-2022-0878",
          "STATE": "PUBLIC",
          "TITLE": "Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Combined Charging System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "Current version",
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "HomePlug GreenPHY",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "Current version",
                            "version_value": "1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Combined Charging System"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Sebastian K\u00f6hler, University of Oxford"
          },
          {
            "lang": "eng",
            "value": "Richard Baker, University of Oxford"
          },
          {
            "lang": "eng",
            "value": "Martin Strohmeier, Armasuisse S+T"
          },
          {
            "lang": "eng",
            "value": "Ivan Martinovic, University of Oxford"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 \u0026 ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-306 Missing Authentication for Critical Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.brokenwire.fail/",
              "refsource": "CONFIRM",
              "url": "https://www.brokenwire.fail/"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Using stronger shielded cables and securing the physical paramater might reducing the viability of this attack.\nRight now, the only way to prevent the attack is not to charge on a DC rapid charger."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2022-0878",
    "datePublished": "2022-04-12T12:00:23.108Z",
    "dateReserved": "2022-03-07T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:40:53.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-0878",
      "date": "2026-05-30",
      "epss": "0.00192",
      "percentile": "0.40948"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-0878\",\"sourceIdentifier\":\"vulnerability@ncsc.ch\",\"published\":\"2022-04-12T12:15:08.623\",\"lastModified\":\"2024-11-21T06:39:35.043\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 \u0026 ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards.\"},{\"lang\":\"es\",\"value\":\"Los veh\u00edculos el\u00e9ctricos (EV) usan com\u00fanmente el Sistema de Carga Combinada (CCS) para la carga r\u00e1pida de CC. Para intercambiar mensajes importantes como el estado de carga (SoC) con el equipo de suministro del veh\u00edculo el\u00e9ctrico (EVSE), el CCS usa un enlace IP de gran ancho de banda proporcionado por la tecnolog\u00eda de comunicaci\u00f3n de l\u00ednea el\u00e9ctrica (PLC) HomePlug Green PHY (HPGP). El ataque interrumpe la comunicaci\u00f3n de control necesaria entre el veh\u00edculo y el cargador, causando la interrupci\u00f3n de las sesiones de carga. El ataque puede llevarse a cabo de forma inal\u00e1mbrica a distancia usando interferencias electromagn\u00e9ticas, lo que permite interrumpir simult\u00e1neamente veh\u00edculos individuales o flotas enteras. Adem\u00e1s, el ataque puede montarse con hardware de radio disponible en el mercado y con unos conocimientos t\u00e9cnicos m\u00ednimos. Con un presupuesto de potencia de 1 W, el ataque presenta \u00e9xito a unos 47 m de distancia. El comportamiento explotado es una parte necesaria de las normas HomePlug Green PHY, DIN 70121 e ISO 15118 y todas las implementaciones conocidas lo presentan. Adem\u00e1s de los coches el\u00e9ctricos, Brokenwire afecta a barcos el\u00e9ctricos, aviones y veh\u00edculos pesados usando estos est\u00e1ndares\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"vulnerability@ncsc.ch\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":3.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"vulnerability@ncsc.ch\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:combined_charging_system_project:combined_charging_system_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0\",\"matchCriteriaId\":\"505251DB-7744-4CB3-82A9-0201A662D029\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:combined_charging_system_project:combined_charging_system:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ECF513C-A1EB-4765-9CD5-D46321285EBA\"}]}]}],\"references\":[{\"url\":\"https://www.brokenwire.fail/\",\"source\":\"vulnerability@ncsc.ch\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.brokenwire.fail/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.