How severe is CVE-2022-0878?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-0878?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2022-0878

MEDIUM Year: 2022

CVSS v3 Score

6.5

Medium

CVSS v2 Score

3.3

Low

Weakness Type

CWE-306

View all →

Vulnerability Description

Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards.

CVE-2016-10364

MEDIUM

CVSS:6.5(Medium)

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those ser...

CWE-3062016

CVE-2016-6540

MEDIUM

CVSS:6.5(Medium)

Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as...

CWE-3062016

CVE-2016-9496

MEDIUM

CVSS:6.5(Medium)

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http...

CWE-3062016

CVE-2017-17747

MEDIUM

CVSS:6.5(Medium)

Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.

CWE-3062017

CVE-2017-2638

MEDIUM

CVSS:6.5(Medium)

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a k...

CWE-3062017

CVE-2017-6872

MEDIUM

CVSS:6.5(Medium)

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored ...

CWE-3062017

CVE-2022-0878

Vulnerability Description

Related Vulnerabilities

CVE-2016-10364

CVE-2016-6540

CVE-2016-9496

CVE-2017-17747

CVE-2017-2638

CVE-2017-6872