CVE-2025-31930

A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent cable 7m incl. SIM (8EM1310-2EJ04-3GA2) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket (8EM1310-2EH04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket/ shutter SIM (8EM1310-2EN04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Child cable 7m (8EM1310-3EJ04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Child socket (8EM1310-3EH04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Child socket/ shutter (8EM1310-3EN04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Parent cable 7m (8EM1310-3EJ04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent cable 7m incl. SIM (8EM1310-3EJ04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Parent socket (8EM1310-3EH04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent socket incl. SIM (8EM1310-3EH04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Parent socket/ shutter (8EM1310-3EN04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent socket/ shutter SIM (8EM1310-3EN04-3GA2) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA0) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA1) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA2) (All versions < V2.135), IEC ERK 3Ph 22 kW Child socket (8EM1310-3FH04-0GA0) (All versions < V2.135), IEC ERK 3Ph 22 kW Parent socket (8EM1310-3FH04-3GA1) (All versions < V2.135), IEC ERK 3Ph 22 kW Parent socket incl. SI (8EM1310-3FH04-3GA2) (All versions < V2.135), UL Commercial Cellular 48A NTEP (8EM1310-5HF14-1GA2) (All versions < V2.135), UL Commercial Child 40A w/ 15118 HW (8EM1310-4CF14-0GA0) (All versions < V2.135), UL Commercial Child 48A BA Compliant (8EM1315-5CG14-0GA0) (All versions < V2.135), UL Commercial Child 48A w/ 15118 HW (8EM1310-5CF14-0GA0) (All versions < V2.135), UL Commercial Parent 40A with Simcard (8EM1310-4CF14-1GA2) (All versions < V2.135), UL Commercial Parent 48A (USPS) (8EM1317-5CG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A BA Compliant (8EM1315-5CG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A with Simcard BA (8EM1310-5CF14-1GA2) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1310-5CG14-1GA1) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1314-5CG14-2FA2) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1315-5HG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A,15118 25ft Sim (8EM1310-5CG14-1GA2) (All versions < V2.135), VersiCharge Blue™ 80A AC Cellular (8EM1315-7BG16-1FH2) (All versions < V2.135). Affected devices contain Modbus service enabled by default. This could allow an attacker connected to the same network to remotely control the EV charger.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-556937.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad en el zócalo secundario IEC 1Ph 7.4kW (8EM1310-2EH04-0GA0) (Todas las versiones < V2.135), zócalo/obturador secundario IEC 1Ph 7.4kW (8EM1310-2EN04-0GA0) (Todas las versiones < V2.135), cable principal IEC 1Ph 7.4kW de 7 m (8EM1310-2EJ04-3GA1) (Todas las versiones < V2.135), cable principal IEC 1Ph 7.4kW de 7 m incl. SIM (8EM1310-2EJ04-3GA2) (Todas las versiones < V2.135), zócalo principal IEC 1Ph 7.4kW (8EM1310-2EH04-3GA1) (Todas las versiones < V2.135), zócalo principal IEC 1Ph 7.4kW incl. SIM (8EM1310-2EH04-3GA2) (Todas las versiones < V2.135), Toma principal/obturador IEC monofásico de 7,4 kW (8EM1310-2EN04-3GA1) (Todas las versiones < V2.135), Toma principal/obturador IEC monofásico de 7,4 kW SIM (8EM1310-2EN04-3GA2) (Todas las versiones < V2.135), Cable secundario IEC trifásico de 22 kW de 7 m (8EM1310-3EJ04-0GA0) (Todas las versiones < V2.135), Toma secundaria IEC trifásica de 22 kW (8EM1310-3EH04-0GA0) (Todas las versiones < V2.135), Toma secundaria IEC trifásica de 22 kW (8EM1310-3EN04-0GA0) (Todas las versiones < V2.135), Toma secundaria IEC trifásica de 22 kW (8EM1310-3EN04-0GA0) (Todas las versiones < V2.135), cable principal IEC 3Ph 22kW de 7 m (8EM1310-3EJ04-3GA1) (todas las versiones < V2.135), cable principal IEC 3Ph 22kW de 7 m incl. SIM (8EM1310-3EJ04-3GA2) (todas las versiones < V2.135), toma principal IEC 3Ph 22kW (8EM1310-3EH04-3GA1) (todas las versiones < V2.135), toma principal IEC 3Ph 22kW incl. SIM (8EM1310-3EH04-3GA2) (Todas las versiones < V2.135), Toma principal/obturador IEC 3Ph 22kW (8EM1310-3EN04-3GA1) (Todas las versiones < V2.135), Toma principal/obturador IEC 3Ph 22kW SIM (8EM1310-3EN04-3GA2) (Todas las versiones < V2.135), Cable secundario IEC ERK 3Ph 22 kW 7 m (8EM1310-3FJ04-0GA0) (Todas las versiones < V2.135), Cable secundario IEC ERK 3Ph 22 kW 7 m (8EM1310-3FJ04-0GA1) (Todas las versiones < V2.135), Cable secundario IEC ERK 3Ph 22 kW 7 m (8EM1310-3FJ04-0GA2) (Todas las versiones < V2.135), V2.135), toma de corriente secundaria IEC ERK 3Ph de 22 kW (8EM1310-3FH04-0GA0) (todas las versiones < V2.135), toma de corriente principal IEC ERK 3Ph de 22 kW (8EM1310-3FH04-3GA1) (todas las versiones < V2.135), toma de corriente principal IEC ERK 3Ph de 22 kW incl. SI (8EM1310-3FH04-3GA2) (Todas las versiones < V2.135), UL Commercial Cellular 48A NTEP (8EM1310-5HF14-1GA2) (Todas las versiones < V2.135), UL Commercial Child 40A con hardware 15118 (8EM1310-4CF14-0GA0) (Todas las versiones < V2.135), UL Commercial Child 48A BA Compliant (8EM1315-5CG14-0GA0) (Todas las versiones < V2.135), UL Commercial Child 48A con hardware 15118 (8EM1310-5CF14-0GA0) (Todas las versiones < V2.135), UL Commercial Parent 40A con tarjeta SIM (8EM1310-4CF14-1GA2) (Todas las versiones < V2.135), UL Commercial Parent 48A (USPS) (8EM1317-5CG14-1GA2) (Todas las versiones < V2.135), UL Commercial Parent 48A BA Compliant (8EM1315-5CG14-1GA2) (Todas las versiones < V2.135), UL Commercial Parent 48A con Simcard BA (8EM1310-5CF14-1GA2) (Todas las versiones < V2.135), UL Commercial Parent 48A, 15118, 25 pies (8EM1310-5CG14-1GA1) (Todas las versiones < V2.135), UL Commercial Parent 48A, 15118, 25 pies (8EM1314-5CG14-2FA2) (Todas las versiones < V2.135), UL Commercial Parent 48A, 15118, 25 pies (8EM1315-5HG14-1GA2) (Todas las versiones anteriores a la V2.135), UL Commercial Parent 48A,15118 25ft Sim (8EM1310-5CG14-1GA2) (Todas las versiones anteriores a la V2.135), VersiCharge Blue™ 80A AC Cellular (8EM1315-7BG16-1FH2) (Todas las versiones anteriores a la V2.135). Los dispositivos afectados tienen el servicio Modbus habilitado por defecto. Esto podría permitir que un atacante conectado a la misma red controle remotamente el cargador de vehículos eléctricos.

13 May 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-13 10:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-31930

Mitre link : CVE-2025-31930

CVE.ORG link : CVE-2025-31930

JSON object : View

Products Affected

No product.

CWE

CWE-1188

Insecure Default Initialization of Resource

8.8 /10