← Back
2025-10-31 15:33CVE-2025-12357icscert
PUBLISHED5.2CWE-923

International Standards Organization ISO 15118-2 Improper Restriction of Communication Channel to Intended Endpoints

By manipulating the Signal Level Attenuation Characterization (SLAC)

protocol with spoofed measurements, an attacker can stage a

man-in-the-middle attack between an electric vehicle and chargers that

comply with the ISO 15118-2 part. This vulnerability may be exploitable

wirelessly, within close proximity, via electromagnetic induction.

Problem type

Affected products

ISO 15118-2 Network and Application Protocol Requirements

EV Car Chargers

Part 15118-2 Network and Application Protocol Requirements - AFFECTED

References

iec.ch

https://www.iec.ch/contact?id=40499

cisa.gov

https://www.cisa.gov/news-events/ics-advisories/icsa-25-303-01

github.com

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-303-01.json

JSON source

Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-12357",
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "dateUpdated": "2025-10-31T15:33:48.343Z",
    "dateReserved": "2025-10-27T16:05:18.413Z",
    "datePublished": "2025-10-31T15:33:48.343Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert",
        "dateUpdated": "2025-10-31T15:33:48.343Z"
      },
      "title": "International Standards Organization ISO 15118-2 Improper Restriction of Communication Channel to Intended Endpoints",
      "descriptions": [
        {
          "lang": "en",
          "value": "By manipulating the Signal Level Attenuation Characterization (SLAC) \nprotocol with spoofed measurements, an attacker can stage a \nman-in-the-middle attack between an electric vehicle and chargers that \ncomply with the ISO 15118-2 part. This vulnerability may be exploitable \nwirelessly, within close proximity, via electromagnetic induction.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "By manipulating the Signal Level Attenuation Characterization (SLAC) \nprotocol with spoofed measurements, an attacker can stage a \nman-in-the-middle attack between an electric vehicle and chargers that \ncomply with the ISO 15118-2 part. This vulnerability may be exploitable \nwirelessly, within close proximity, via electromagnetic induction."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "ISO 15118-2 Network and Application Protocol Requirements",
          "product": "EV Car Chargers",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "Part 15118-2 Network and Application Protocol Requirements",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-923",
              "cweId": "CWE-923",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.iec.ch/contact?id=40499"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-303-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-303-01.json"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
            "attackVector": "ADJACENT_NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "ISO recommends using TLS for all communications in accordance with \nISO 15118-20. While the use of TLS is recommended in ISO 15118-2, it is \nrequired in the ISO 15118-20 revision. TLS should be implemented with \ncertificate chaining.\n\nFor additional information, please contact the  International Electrotechnical Commission https://www.iec.ch/contact .",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "<p>ISO recommends using TLS for all communications in accordance with \nISO 15118-20. While the use of TLS is recommended in ISO 15118-2, it is \nrequired in the ISO 15118-20 revision. TLS should be implemented with \ncertificate chaining.</p><p>For additional information, please contact the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.iec.ch/contact?id=40499\">International Electrotechnical Commission</a>.\n\n<br></p>"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mark I. Johnson of Southwest Research Institute reported this vulnerability to CISA.",
          "type": "finder"
        }
      ]
    }
  }
}

Mitre source

https://cveawg.mitre.org/api/cve/CVE-2025-12357