Memory Corruption Vulnerability in OpenV2G
Monitor6.2SSA-647005Feb 11, 2025
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
OpenV2G contains a buffer overflow vulnerability (CWE-120) in versions prior to 0.9.6 that could allow an attacker to trigger memory corruption. The vulnerability has a CVSS score of 6.2 with local attack vector, low attack complexity, and high availability impact. Siemens has released version 0.9.6 as a fix.
What this means
What could happen
A buffer overflow in OpenV2G could cause the application to crash or become unstable, disrupting EV charging communication. In worst case, an attacker could potentially execute code on the charging station controller.
Who's at risk
Electric utility operators and EV charging station owners using Siemens OpenV2G for EV charging communication should prioritize this update. This affects any charging station or vehicle-to-grid (V2G) equipment running the vulnerable OpenV2G library.
How it could be exploited
An attacker with local access to the OpenV2G process or network access to the charging station's communication interface could send a specially crafted message that overflows a buffer in the OpenV2G library, triggering memory corruption.
Prerequisites
- Local access to the system running OpenV2G
- OR network access to the EV charging station that uses OpenV2G
- OpenV2G version below 0.9.6
Buffer overflow vulnerabilityLow complexity attackMemory corruption possibleCan cause denial of service
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
OpenV2G< V0.9.60.9.6
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate OpenV2G to version 0.9.6 or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/2140edea-12c3-410b-831e-f2b3e7915988