As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable from adjacent network/low attack complexity
- Vendor: Siemens
- Equipment: VersiCharge AC Series EV Chargers
- Vulnerabilities: Missing Immutable Root of Trust in Hardware, Initialization of a Resource with an Insecure Default
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain control of the chargers through the default Modbus port or execute arbitrary code by manipulating the M0 firmware.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- Siemens IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0): All versions (CVE-2025-31929)
- Siemens IEC 1Ph 7.4kW Parent socket (8EM1310-2EH04-3GA1): All versions prior to V2.135 (CVE-2025-31930)
- Siemens IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2): All versions (CVE-2025-31929)
- Siemens IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2): All versions prior to V2.135 (CVE-2025-31930)
- Siemens IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1): All versions (CVE-2025-31929)
- Siemens IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1): All versions prior to V2.135 (CVE-2025-31930)
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article. This article has been indexed from All CISA Advisories.