Siemens VersiCharge AC Series EV Chargers Modbus Default Enablement Vulnerability Allowing Remote Control

Vulnerability

A vulnerability exists in Siemens VersiCharge AC Series EV Chargers, specifically in various IEC and UL Commercial models, all versions prior to V2.135. The issue arises from the Modbus service being enabled by default, which could permit an attacker connected to the same network to remotely control the EV charger.

Impact

Exploitation of this vulnerability could lead to unauthorized remote control of the affected EV charger.

Remediation

Siemens recommends protecting network access to affected products with appropriate security measures. For specific product remediations or mitigations, refer to the Siemens Security Advisory SSA-556937.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.