CVE-2025-31930 is a high-severity vulnerability affecting multiple Siemens IEC electric vehicle (EV) charging devices, including various models of 1-phase and 3-phase child and parent sockets, cables, and VersiCharge Blue™ 80A AC Cellular chargers. The vulnerability arises from the Modbus service being enabled by default on these devices, which constitutes an insecure initialization of a resource (CWE-1188). Modbus is a communication protocol commonly used in industrial control systems but is not designed with strong security features. Because the Modbus service is enabled by default without proper authentication or access controls, an attacker connected to the same network can remotely access and control the EV charger. This could allow unauthorized manipulation of charging operations, potentially leading to disruption of service, damage to the device, or broader impacts on the electrical infrastructure. The affected devices include all versions prior to V2.135, covering a wide range of Siemens EV charging hardware. The CVSS v3.1 base score is 8.8, indicating a high severity with the vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning the attack requires network access (adjacent), low complexity, no privileges or user interaction, and impacts confidentiality, integrity, and availability to a high degree. No known exploits are currently reported in the wild, but the vulnerability’s nature and Siemens’ widespread deployment of these chargers make it a significant risk.

For European organizations, this vulnerability poses a substantial risk, especially for entities operating EV charging infrastructure such as utilities, commercial parking operators, municipalities, and large enterprises with EV fleets. Exploitation could allow attackers to remotely control charging sessions, potentially causing denial of service by disabling chargers or manipulating charging parameters, which could lead to equipment damage or safety hazards. Confidentiality breaches could expose operational data or user information. Integrity impacts could allow attackers to alter charging schedules or billing data, leading to financial losses or reputational damage. Availability impacts could disrupt EV charging services, undermining trust in EV infrastructure and affecting sustainability goals. Given the increasing adoption of EVs and charging infrastructure across Europe, disruption of these systems could have cascading effects on transportation and energy sectors. The fact that exploitation requires only network adjacency means that attackers gaining access to the local network—via compromised devices, insider threats, or poorly segmented networks—could leverage this vulnerability. This elevates the risk in environments where EV chargers are connected to corporate or public networks without adequate isolation.

1. Immediate upgrade of all affected Siemens EV charging devices to firmware version V2.135 or later, where the Modbus service is presumably secured or disabled by default. 2. Network segmentation: Isolate EV charging infrastructure on dedicated VLANs or physically separate networks to limit access to trusted devices only. 3. Disable or restrict Modbus service if not required for operational purposes, or configure it to require authentication and encrypted communication if supported. 4. Implement strict access control lists (ACLs) and firewall rules to block unauthorized access to Modbus ports (typically TCP 502) from untrusted sources. 5. Monitor network traffic for unusual Modbus activity or unauthorized connection attempts to EV chargers. 6. Conduct regular security audits and vulnerability scans on EV charging infrastructure. 7. Educate operational technology (OT) and IT teams about the risks of default-enabled services and the importance of secure configurations. 8. Collaborate with Siemens support for any additional recommended security patches or configuration guidelines. These steps go beyond generic advice by focusing on network-level controls, firmware updates, and operational best practices tailored to EV charging infrastructure.