Multiple Vulnerabilities in VersiCharge AC Series EV Chargers

Plan Patch8.8SSA-556937May 13, 2025

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

VersiCharge AC Series EV Chargers contain two vulnerabilities: (1) an unprotected Modbus port that allows unauthenticated remote command execution, and (2) insecure M0 firmware that can be replaced with malicious code. Both vulnerabilities allow an attacker to gain control of the charger and manipulate its operation. All versions of the affected charger models are vulnerable. Siemens has not released firmware patches and recommends disabling Modbus on the VersiCloud group and restricting network access as compensating controls.

What this means

What could happen

An attacker with network access to the charger can gain full control through the unprotected Modbus port or inject malicious firmware, allowing them to disable charging, alter electrical parameters, or prevent legitimate EV charging operations.

Who's at risk

Organizations operating VersiCharge AC Series EV charging stations, including municipal and commercial EV charging networks. All IEC 1-phase (7.4 kW), 3-phase (22 kW), UL commercial (40–48 A), and residential (40–48 A) models are affected regardless of firmware version.

How it could be exploited

An attacker sends Modbus commands directly to the charger's default Modbus port without authentication, or replaces the M0 firmware with malicious code. The charger processes these commands without verification, giving the attacker direct control over charging behavior and device functions.

Prerequisites

Network access to the charger's Modbus port (default port)
No credentials required
Charger must be commissioned with Modbus enabled in its VersiCloud group

Remotely exploitableNo authentication requiredLow complexity attackNo patch available (end-of-life hardware)Affects critical charging infrastructureDefault insecure configuration

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (66)

66 pending

ProductAffected VersionsFix Status

IEC 1Ph 7.4kW Child socketAll versionsNo fix yet

IEC 1Ph 7.4kW Child socket< V2.135No fix yet

IEC 1Ph 7.4kW Child socket/ shutterAll versionsNo fix yet

IEC 1Ph 7.4kW Child socket/ shutter< V2.135No fix yet

IEC 1Ph 7.4kW Parent cable 7mAll versionsNo fix yet

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDCommission the charger and associate it to a VersiCloud group with Modbus configured to be disabled (off)

WORKAROUNDIf the Modbus setting status is unknown for a VersiCloud group, contact Siemens support to verify and disable Modbus

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGImplement network segmentation to restrict access to the charger's management interface and ports to only authorized workstations

Long-term hardening

0/1

HARDENINGMonitor Modbus port traffic to the chargers for unauthorized commands

CVEs (2)

CVE-2025-31929 CVE-2025-31930

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/888d1eaa-bcbe-41df-93e8-cba40cbae0cb