1. EXECUTIVE SUMMARY
- CVSS v4 7.2
- ATTENTION: Low Attack Complexity
- Standard: ISO 15118-2 Network and Application Protocol Requirements
- Equipment: EV Car Chargers
- Vulnerability: Improper Restriction of Communication Channel to Intended Endpoints
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in man-in-the-middle attacks.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following ISO 15118 part is affected:
- ISO 15118 standard: Part 15118-2 Network and Application Protocol Requirements
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER RESTRICTION OF COMMUNICATION CHANNEL TO INTENDED ENDPOINTS CWE-923
By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close proximity, via electromagnetic induction.
CVE-2025-12357 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H).
A CVSS v4 score has also been calculated for CVE-2025-12357. A base score of 7.2 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Transporta
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: