{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T01:17:39.260","vulnerabilities":[{"cve":{"id":"CVE-2022-0878","sourceIdentifier":"vulnerability@ncsc.ch","published":"2022-04-12T12:15:08.623","lastModified":"2024-11-21T06:39:35.043","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards."},{"lang":"es","value":"Los vehículos eléctricos (EV) usan comúnmente el Sistema de Carga Combinada (CCS) para la carga rápida de CC. Para intercambiar mensajes importantes como el estado de carga (SoC) con el equipo de suministro del vehículo eléctrico (EVSE), el CCS usa un enlace IP de gran ancho de banda proporcionado por la tecnología de comunicación de línea eléctrica (PLC) HomePlug Green PHY (HPGP). El ataque interrumpe la comunicación de control necesaria entre el vehículo y el cargador, causando la interrupción de las sesiones de carga. El ataque puede llevarse a cabo de forma inalámbrica a distancia usando interferencias electromagnéticas, lo que permite interrumpir simultáneamente vehículos individuales o flotas enteras. Además, el ataque puede montarse con hardware de radio disponible en el mercado y con unos conocimientos técnicos mínimos. Con un presupuesto de potencia de 1 W, el ataque presenta éxito a unos 47 m de distancia. El comportamiento explotado es una parte necesaria de las normas HomePlug Green PHY, DIN 70121 e ISO 15118 y todas las implementaciones conocidas lo presentan. Además de los coches eléctricos, Brokenwire afecta a barcos eléctricos, aviones y vehículos pesados usando estos estándares"}],"metrics":{"cvssMetricV31":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:N/I:N/A:P","baseScore":3.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:combined_charging_system_project:combined_charging_system_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0","matchCriteriaId":"505251DB-7744-4CB3-82A9-0201A662D029"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:combined_charging_system_project:combined_charging_system:-:*:*:*:*:*:*:*","matchCriteriaId":"2ECF513C-A1EB-4765-9CD5-D46321285EBA"}]}]}],"references":[{"url":"https://www.brokenwire.fail/","source":"vulnerability@ncsc.ch","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.brokenwire.fail/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}