ID

VAR-202204-1428


CVE

CVE-2022-0878


TITLE

Vulnerability related to lack of authentication for critical functions in the firmware of combined charging system from the combined charging system project

Trust: 0.8

sources: JVNDB: JVNDB-2022-008564

DESCRIPTION

Electric vehicles (EVs) commonly utilise the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE), CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards, and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy-duty vehicles utilising these standards. The firmware of combined charging system from the combined charging system project has a vulnerability related to lack of authentication for critical functions. The affected system may be put into a service operation interruption (DoS) state.

Trust: 1.71

sources: NVD: CVE-2022-0878 // JVNDB: JVNDB-2022-008564 // VULMON: CVE-2022-0878

IOT TAXONOMY

category: ['vehicle device'], sub_category: vehicle

Trust: 0.1

category: ['vehicle device'], sub_category: vehicle charger

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: combined charging system, model: combined charging system, scope: lte, version: 2.0

Trust: 1.0

vendor: combined charging system, model: combined charging system, scope: eq, version: -

Trust: 0.8

vendor: combined charging system, model: combined charging system, scope: -, version: -

Trust: 0.8

vendor: combined charging system, model: combined charging system, scope: lte, version: combined charging system firmware 2.0 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2022-008564 // NVD: CVE-2022-0878

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-0878
value: MEDIUM

Trust: 1.0

vulnerability@ncsc.ch: CVE-2022-0878
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-0878
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202204-3148
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-0878
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2022-0878
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

vulnerability@ncsc.ch: CVE-2022-0878
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-0878
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-008564 // CNNVD: CNNVD-202204-3148 // NVD: CVE-2022-0878 // NVD: CVE-2022-0878

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.0

problemtype: Lack of authentication for critical features (CWE-306) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008564 // NVD: CVE-2022-0878

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3148

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3148

EXTERNAL IDS

db: NVD, id: CVE-2022-0878

Trust: 3.4

db: JVNDB, id: JVNDB-2022-008564

Trust: 0.8

db: CNNVD, id: CNNVD-202204-3148

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULMON, id: CVE-2022-0878

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-0878 // JVNDB: JVNDB-2022-008564 // CNNVD: CNNVD-202204-3148 // NVD: CVE-2022-0878

REFERENCES

url: https://www.brokenwire.fail/

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2022-0878

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-0878/

Trust: 0.6

url: https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-0878 // JVNDB: JVNDB-2022-008564 // CNNVD: CNNVD-202204-3148 // NVD: CVE-2022-0878

SOURCES

db: OTHER, id: -
db: VULMON, id: CVE-2022-0878
db: JVNDB, id: JVNDB-2022-008564
db: CNNVD, id: CNNVD-202204-3148
db: NVD, id: CVE-2022-0878

LAST UPDATE DATE

2025-01-30T20:24:56.609000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-0878, date: 2022-04-12T00:00:00
db: JVNDB, id: JVNDB-2022-008564, date: 2023-07-27T08:19:00
db: CNNVD, id: CNNVD-202204-3148, date: 2022-04-28T00:00:00
db: NVD, id: CVE-2022-0878, date: 2024-11-21T06:39:35.043

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-0878, date: 2022-04-12T00:00:00
db: JVNDB, id: JVNDB-2022-008564, date: 2023-07-27T00:00:00
db: CNNVD, id: CNNVD-202204-3148, date: 2022-04-12T00:00:00
db: NVD, id: CVE-2022-0878, date: 2022-04-12T12:15:08.623