Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards.
Published 2022-04-12 12:15:09
Updated 2022-04-27 14:52:18
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-0878

0.05%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 17 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-0878

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
3.3
LOW AV:A/AC:L/Au:N/C:N/I:N/A:P
6.5
2.9
NIST
6.5
MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.8
3.6
NIST
4.6
MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.9
3.6
Switzerland Government Common Vulnerability Program

CWE ids for CVE-2022-0878

  • The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
    Assigned by:
    • nvd@nist.gov (Primary)
    • vulnerability@ncsc.ch (Secondary)

References for CVE-2022-0878

Products affected by CVE-2022-0878

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!