CVE-2022-0878

Name of the Vulnerable Software and Affected Versions Combined Charging System (CCS) (affected versions not specified) HomePlug Green PHY (HPGP) (affected versions not specified)

Description The issue affects Electric Vehicles (EV) that utilize the Combined Charging System (CCS) for DC rapid charging, which relies on a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology to exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE). The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. This can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. The attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge, and with a power budget of 1 W, it is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards, and all known implementations exhibit it. In addition to electric cars, this issue affects electric ships, airplanes, and heavy-duty vehicles utilizing these standards.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.