CVE-2022-0878— Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-0878
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service
Source: NVD (National Vulnerability Database)
Vulnerability Description
Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Combined Charging System 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Combined Charging System(CCS)是一个组合充电系统。 Combined Charging System (CCS) for DC存在安全漏洞,攻击可以使用电磁干扰从远处以无线方式中断了车辆和充电器之间必要的控制通信,导致充电会话中止,从而可以同时破坏单个车辆或整个车队。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Combined Charging System | Combined Charging System | Current version ~ 2.0 | - | |
| Combined Charging System | HomePlug GreenPHY | Current version ~ 1.1 | - |
II. Public POCs for CVE-2022-0878
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-0878
请登录查看更多情报信息。
- https://www.brokenwire.fail/x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2022-0878
IV. Related Vulnerabilities
Same weakness: CWE-306
- CVE-2021-47940
WordPress Download From Files 1.48 Arbitrary File Upload - CVE-2021-47936
OpenCATS 0.9.4 Remote Code Execution via Resume Upload - CVE-2021-47933
WordPress MStore API 2.0.6 Arbitrary File Upload - CVE-2026-8185
UGREEN CM933 Administrative missing authentication - CVE-2026-42302
FastGPT: Unauthenticated Remote Code Execution (RCE) via cod
V. Comments for CVE-2022-0878
No comments yet