Remote Control Vulnerability in EV Chargers from Siemens
CVE-2025-31930

8.7HIGH

Key Information:

Vendor: Siemens
Status: Iec 1ph 7.4kw Child Socket; Iec 1ph 7.4kw Child Socket/ Shutter; Iec 1ph 7.4kw Parent Cable 7m; Iec 1ph 7.4kw Parent Cable 7m Incl. Sim
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-31930?

A serious flaw has been discovered in various Siemens EV chargers due to the Modbus service being enabled by default. This configuration error allows attackers with network access to remotely control these devices, which can lead to significant security breaches. Users of affected models, particularly those prior to version V2.135, should take immediate action to secure their networks and update their devices to mitigate potential risks.

Affected Version(s)

IEC 1Ph 7.4kW Child socket 0

IEC 1Ph 7.4kW Child socket/ shutter 0

IEC 1Ph 7.4kW Parent cable 7m 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5569...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Apr 1, 2025