SSA-556937

Siemens Security Advisory by Siemens ProductCERT

SSA-556937: Multiple Vulnerabilities in VersiCharge AC Series EV Chargers

Publication Date:	2025-05-13
Last Update:	2025-05-14
Current Version:	V1.1
CVSS v3.1 Base Score:	8.8
CVSS v4.0 Base Score:	8.7

SUMMARY

VersiCharge AC Series EV Chargers contain two vulnerabilities that could allow an attacker to gain control of the chargers through default Modbus port or execute arbitrary code by manipulating the M0 firmware.

Siemens recommends countermeasures for products where fixes are not, or not yet available.

AFFECTED PRODUCTS AND SOLUTION

Un-/Collapse All

Affected Product and Versions	Remediation
VersiCharge AC Series	Show more details
IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0)	Show more details
IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0)	Show more details
IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1)	Show more details
IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 1Ph 7.4kW Parent cable 7m incl. SIM (8EM1310-2EJ04-3GA2)	Show more details
IEC 1Ph 7.4kW Parent cable 7m incl. SIM (8EM1310-2EJ04-3GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 1Ph 7.4kW Parent cable 7m incl. SIM (8EM1310-2EJ04-3GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 1Ph 7.4kW Parent socket (8EM1310-2EH04-3GA1)	Show more details
IEC 1Ph 7.4kW Parent socket (8EM1310-2EH04-3GA1) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 1Ph 7.4kW Parent socket (8EM1310-2EH04-3GA1) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2)	Show more details
IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1)	Show more details
IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 1Ph 7.4kW Parent socket/ shutter SIM (8EM1310-2EN04-3GA2)	Show more details
IEC 1Ph 7.4kW Parent socket/ shutter SIM (8EM1310-2EN04-3GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 1Ph 7.4kW Parent socket/ shutter SIM (8EM1310-2EN04-3GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 3Ph 22kW Child cable 7m (8EM1310-3EJ04-0GA0)	Show more details
IEC 3Ph 22kW Child cable 7m (8EM1310-3EJ04-0GA0) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 3Ph 22kW Child cable 7m (8EM1310-3EJ04-0GA0) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 3Ph 22kW Child socket (8EM1310-3EH04-0GA0)	Show more details
IEC 3Ph 22kW Child socket (8EM1310-3EH04-0GA0) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 3Ph 22kW Child socket (8EM1310-3EH04-0GA0) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 3Ph 22kW Child socket/ shutter (8EM1310-3EN04-0GA0)	Show more details
IEC 3Ph 22kW Child socket/ shutter (8EM1310-3EN04-0GA0) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 3Ph 22kW Child socket/ shutter (8EM1310-3EN04-0GA0) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 3Ph 22kW Parent cable 7m (8EM1310-3EJ04-3GA1)	Show more details
IEC 3Ph 22kW Parent cable 7m (8EM1310-3EJ04-3GA1) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 3Ph 22kW Parent cable 7m (8EM1310-3EJ04-3GA1) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 3Ph 22kW Parent cable 7m incl. SIM (8EM1310-3EJ04-3GA2)	Show more details
IEC 3Ph 22kW Parent cable 7m incl. SIM (8EM1310-3EJ04-3GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 3Ph 22kW Parent cable 7m incl. SIM (8EM1310-3EJ04-3GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 3Ph 22kW Parent socket (8EM1310-3EH04-3GA1)	Show more details
IEC 3Ph 22kW Parent socket (8EM1310-3EH04-3GA1) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 3Ph 22kW Parent socket (8EM1310-3EH04-3GA1) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 3Ph 22kW Parent socket incl. SIM (8EM1310-3EH04-3GA2)	Show more details
IEC 3Ph 22kW Parent socket incl. SIM (8EM1310-3EH04-3GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 3Ph 22kW Parent socket incl. SIM (8EM1310-3EH04-3GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 3Ph 22kW Parent socket/ shutter (8EM1310-3EN04-3GA1)	Show more details
IEC 3Ph 22kW Parent socket/ shutter (8EM1310-3EN04-3GA1) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 3Ph 22kW Parent socket/ shutter (8EM1310-3EN04-3GA1) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC 3Ph 22kW Parent socket/ shutter SIM (8EM1310-3EN04-3GA2)	Show more details
IEC 3Ph 22kW Parent socket/ shutter SIM (8EM1310-3EN04-3GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC 3Ph 22kW Parent socket/ shutter SIM (8EM1310-3EN04-3GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA0)	Show more details
IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA0) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA0) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA1)	Show more details
IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA1) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA1) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA2)	Show more details
IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC ERK 3Ph 22 kW Child socket (8EM1310-3FH04-0GA0)	Show more details
IEC ERK 3Ph 22 kW Child socket (8EM1310-3FH04-0GA0) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC ERK 3Ph 22 kW Child socket (8EM1310-3FH04-0GA0) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC ERK 3Ph 22 kW Parent socket (8EM1310-3FH04-3GA1)	Show more details
IEC ERK 3Ph 22 kW Parent socket (8EM1310-3FH04-3GA1) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC ERK 3Ph 22 kW Parent socket (8EM1310-3FH04-3GA1) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
IEC ERK 3Ph 22 kW Parent socket incl. SI (8EM1310-3FH04-3GA2)	Show more details
IEC ERK 3Ph 22 kW Parent socket incl. SI (8EM1310-3FH04-3GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
IEC ERK 3Ph 22 kW Parent socket incl. SI (8EM1310-3FH04-3GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Commercial Cellular 48A NTEP (8EM1310-5HF14-1GA2)	Show more details
UL Commercial Cellular 48A NTEP (8EM1310-5HF14-1GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Commercial Cellular 48A NTEP (8EM1310-5HF14-1GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Commercial Child 40A w/ 15118 HW (8EM1310-4CF14-0GA0)	Show more details
UL Commercial Child 40A w/ 15118 HW (8EM1310-4CF14-0GA0) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Commercial Child 40A w/ 15118 HW (8EM1310-4CF14-0GA0) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Commercial Child 48A BA Compliant (8EM1315-5CG14-0GA0)	Show more details
UL Commercial Child 48A BA Compliant (8EM1315-5CG14-0GA0) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Commercial Child 48A BA Compliant (8EM1315-5CG14-0GA0) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Commercial Child 48A w/ 15118 HW (8EM1310-5CF14-0GA0)	Show more details
UL Commercial Child 48A w/ 15118 HW (8EM1310-5CF14-0GA0) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Commercial Child 48A w/ 15118 HW (8EM1310-5CF14-0GA0) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Commercial Parent 40A with Simcard (8EM1310-4CF14-1GA2)	Show more details
UL Commercial Parent 40A with Simcard (8EM1310-4CF14-1GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Commercial Parent 40A with Simcard (8EM1310-4CF14-1GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Commercial Parent 48A (USPS) (8EM1317-5CG14-1GA2)	Show more details
UL Commercial Parent 48A (USPS) (8EM1317-5CG14-1GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Commercial Parent 48A (USPS) (8EM1317-5CG14-1GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Commercial Parent 48A BA Compliant (8EM1315-5CG14-1GA2)	Show more details
UL Commercial Parent 48A BA Compliant (8EM1315-5CG14-1GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Commercial Parent 48A BA Compliant (8EM1315-5CG14-1GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Commercial Parent 48A with Simcard BA (8EM1310-5CF14-1GA2)	Show more details
UL Commercial Parent 48A with Simcard BA (8EM1310-5CF14-1GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Commercial Parent 48A with Simcard BA (8EM1310-5CF14-1GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Commercial Parent 48A, 15118, 25ft (8EM1310-5CG14-1GA1)	Show more details
UL Commercial Parent 48A, 15118, 25ft (8EM1310-5CG14-1GA1) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Commercial Parent 48A, 15118, 25ft (8EM1310-5CG14-1GA1) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Commercial Parent 48A, 15118, 25ft (8EM1315-5HG14-1GA2)	Show more details
UL Commercial Parent 48A, 15118, 25ft (8EM1315-5HG14-1GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Commercial Parent 48A, 15118, 25ft (8EM1315-5HG14-1GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Commercial Parent 48A, 15118, 25ft (8EM1314-5CG14-2FA2)	Show more details
UL Commercial Parent 48A, 15118, 25ft (8EM1314-5CG14-2FA2) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Commercial Parent 48A, 15118, 25ft (8EM1314-5CG14-2FA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Commercial Parent 48A,15118 25ft Sim (8EM1310-5CG14-1GA2)	Show more details
UL Commercial Parent 48A,15118 25ft Sim (8EM1310-5CG14-1GA2) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Commercial Parent 48A,15118 25ft Sim (8EM1310-5CG14-1GA2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.
UL Resi High End 40A w/15118 Hw (8EM1312-4CF18-0FA3) All versions affected by CVE-2025-31929	Currently no fix is planned
UL Resi High End 48A w/15118 Hw (8EM1312-5CF18-0FA3) All versions affected by CVE-2025-31929	Currently no fix is planned
VersiCharge Blue™ 80A AC Cellular (8EM1315-7BG16-1FH2)	Show more details
VersiCharge Blue™ 80A AC Cellular (8EM1315-7BG16-1FH2) All versions affected by CVE-2025-31929	Currently no fix is planned
VersiCharge Blue™ 80A AC Cellular (8EM1315-7BG16-1FH2) All versions < V2.135 affected by CVE-2025-31930	Commission the charger and associate it to a VersiCloud group with Modbus configured to be off. If you are uncertain about whether the Modbus setting is on or off in the group you wish to use, contact Siemens support.

WORKAROUNDS AND MITIGATIONS

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2025-31929

Affected devices do not contain an Immutable Root of Trust in M0 Hardware. An attacker with physical access to the device could use this to execute arbitrary code.

CVSS v3.1 Base Score	4.2
CVSS v3.1 Vector	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0 Base Score	4.1
CVSS v4.0 Vector	CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CWE	CWE-1326: Missing Immutable Root of Trust in Hardware

Vulnerability CVE-2025-31930

Affected devices contain Modbus service enabled by default. This could allow an attacker connected to the same network to remotely control the EV charger.

CVSS v3.1 Base Score	8.8
CVSS v3.1 Vector	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score	8.7
CVSS v4.0 Vector	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N
CWE	CWE-1188: Initialization of a Resource with an Insecure Default

ACKNOWLEDGMENTS

Siemens thanks the following party for its efforts:

United States Postal Service Office of Inspector General in collaboration with Southwest Research for reporting the vulnerabilities

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2025-05-13):	Publication Date
V1.1 (2025-05-14):	Corrected the remediation for CVE-2025-31930

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.