Siemens VersiCharge AC Series EV Chargers
Plan Patch | 8.8 | ICS-CERT ICSA-25-135-08 | May 13, 2025
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
VersiCharge AC Series EV Chargers contain two vulnerabilities (CVE-2025-31929 and CVE-2025-31930) that allow unauthenticated Modbus access and arbitrary code execution via firmware manipulation. The vulnerabilities affect multiple IEC (European) and UL (North American) connector variants across single-phase 7.4kW and three-phase 22kW models. Siemens has released firmware version 2.135 or later for products where patching is available, but many variants have no fix planned. The vulnerabilities enable an attacker to gain control of the charger, potentially disabling or disrupting EV charging operations.
What this means
What could happen
An attacker with network access to a VersiCharge AC Series EV charger could gain full control of the device through default Modbus credentials or inject arbitrary code via firmware manipulation, allowing them to disable charging, alter charging parameters, or prevent vehicle charging operations.
Who's at risk
Organizations operating Siemens VersiCharge AC Series EV charging stations, particularly commercial fleets, municipalities with charging infrastructure, and automotive facilities. Both single-phase 7.4kW and three-phase 22kW models are affected, along with UL-certified commercial and residential variants.
How it could be exploited
An attacker on the same network segment as the charger can connect to the default Modbus TCP port (502) without authentication, or craft a malicious firmware update file that bypasses validation checks and executes arbitrary code on the charger's controller.
Prerequisites
- Network access to Modbus TCP port 502 on the charger
- No authentication required for Modbus access
- For firmware exploitation: ability to host or inject a malicious firmware image
Tags: remotely exploitable, no authentication required, low complexity attack, no patch available for many variants, affects critical EV charging infrastructure
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (66)
32 with fix, 34 pending
Product | Affected Versions | Fix Status
IEC 1Ph 7.4kW Child socket | All versions | No fix yet
IEC 1Ph 7.4kW Child socket | < V2.135 | 2.135
IEC 1Ph 7.4kW Child socket/ shutter | All versions | No fix yet
IEC 1Ph 7.4kW Child socket/ shutter | < V2.135 | 2.135
IEC 1Ph 7.4kW Parent cable 7m | All versions | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: For products with no planned fix, restrict network access to Modbus TCP port 502 using firewall rules; allow connections only from authorized management networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update affected VersiCharge charger models to firmware version 2.135 or later
Long-term hardening
HARDENING: Segment EV chargers onto a separate network or VLAN isolated from operational technology networks and the internet
HARDENING: Implement network monitoring to detect unauthorized Modbus connections to port 502 on charger devices
HARDENING: Disable remote management and firmware update features unless actively in use
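One way to implement the monitoring item above, as an added example that is not part of the advisory or any Siemens tooling: it scans flow records for Modbus TCP (port 502) connections to charger addresses from sources outside the authorized management network. The key=value log format, the subnets and the sample records are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed addressing for illustration; replace with your own segments.
CHARGER_NET = ipaddress.ip_network("10.30.0.0/24")  # charger VLAN (assumption)
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/28")]  # authorized management hosts (assumption)
MODBUS_PORT = 502

# Constructed sample flow records in a hypothetical key=value format.
SAMPLE_LOG = """\
2025-05-13T10:00:01Z src=10.20.0.5 dst=10.30.0.11 dport=502 proto=tcp action=allow
2025-05-13T10:00:07Z src=10.30.0.44 dst=10.30.0.11 dport=502 proto=tcp action=allow
2025-05-13T10:01:12Z src=192.168.7.9 dst=10.30.0.12 dport=502 proto=tcp action=deny
2025-05-13T10:01:30Z src=192.168.7.9 dst=10.30.0.12 dport=443 proto=tcp action=allow
2025-05-13T10:02:00Z src=10.20.0.200 dst=10.30.0.13 dport=502 proto=tcp action=allow
truncated line without fields
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return (timestamp, fields), or None for lines that do not parse."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD_RE.findall(rest))
    if not {"src", "dst", "dport", "proto"} <= fields.keys():
        return None
    return ts, fields

def unauthorized_modbus(log_text):
    """List Modbus TCP flows to chargers from outside the management nets."""
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        try:
            src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
            dport = int(f["dport"])
        except ValueError:
            continue
        if f["proto"] != "tcp" or dport != MODBUS_PORT or dst not in CHARGER_NET:
            continue
        if any(src in net for net in MGMT_NETS):
            continue
        # A same-VLAN source still counts: the advisory's attack vector is adjacent.
        kind = "adjacent" if src in CHARGER_NET else "external"
        alerts.append((ts, str(src), str(dst), kind, f.get("action", "unknown")))
    return alerts
```

Denied attempts are reported as well as allowed ones, since a blocked probe of port 502 is still worth investigating.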
CVEs (2)