PatchSiren cyber security CVE debrief
CVE-2025-31930 Siemens CVE debrief
CVE-2025-31930 affects multiple Siemens VersiCharge AC and related EV charger products because the Modbus service is enabled by default. According to the CISA CSAF advisory and Siemens references, an attacker already connected to the same network could use that service to remotely control the charger. The published CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) reflects the potential for high-impact control over device behavior. Siemens lists a vendor fix in version V2.135 or later, with OTA delivery available for fully commissioned devices connected to Siemens Device Management.
- Vendor: Siemens
- Product: IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0)
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-05-13
- Original CVE updated: 2025-05-13
- Advisory published: 2025-05-13
- Advisory updated: 2025-05-13
Who should care
Siemens EV charger operators, facility and fleet charging administrators, OT/ICS security teams, and any organization running the affected Siemens charger models on an internal or shared network should treat this as a priority issue.
Technical summary
The advisory describes a default-enabled Modbus service on affected chargers. Because Modbus is reachable from the local network, a nearby attacker with access to the same network may issue commands that alter charger operation. The source corpus ties the issue to 36 Siemens product SKUs across IEC and UL product families and recommends upgrading to V2.135 or later. For commissioned chargers connected to Siemens Device Management, the update may be delivered OTA.
Defensive priority
High. The issue is network-adjacent, requires no privileges or user interaction, and can enable direct device control. In OT and EV charging environments, that combination warrants prompt remediation and access restriction until patched.
Recommended defensive actions
- Update affected Siemens chargers to V2.135 or later as recommended by the vendor.
- If devices are fully commissioned and connected to Siemens Device Management, verify that the OTA update path is available and completed.
- Restrict access to charging-network segments so only necessary management hosts can reach the devices.
- Review whether Modbus must remain enabled on the local network; if not required, disable or segment it according to vendor guidance and site policy.
- Validate which of the listed Siemens product SKUs are deployed before scheduling maintenance and remediation.
- Monitor for unauthorized local-network traffic to charger management services and document any unexpected Modbus use.
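One way to approach the monitoring action above, as an added example that is not part of the advisory or any Siemens tooling: review captured flow records for Modbus/TCP requests that reach the charger segment from hosts outside a management allowlist, and separate write requests from reads. The port (standard Modbus/TCP 502), the addresses, the record layout and the function names are assumptions or constructed sample data.

```python
import ipaddress
import struct

# All addresses and payloads below are constructed for illustration.
MODBUS_TCP_PORT = 502  # assumption: standard Modbus/TCP port, confirm per site
CHARGER_NET = ipaddress.ip_network("10.20.1.0/24")      # hypothetical charger segment
ALLOWED_SOURCES = {ipaddress.ip_address("10.20.0.5")}   # hypothetical management host
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# (source, destination, destination port, hex of first TCP payload)
SAMPLE_FLOWS = [
    ("10.20.0.5", "10.20.1.11", 502, "000100000006010300000002"),
    ("10.20.1.77", "10.20.1.11", 502, "000200000006010600100001"),
    ("10.20.3.9", "10.20.1.12", 502, "000300000006010300000002"),
    ("10.20.3.9", "10.20.1.12", 80, ""),
    ("10.20.3.9", "10.20.1.13", 502, "deadbeef"),
]

def parse_mbap(payload):
    """Return (unit_id, function_code), or None if not a well-formed Modbus/TCP ADU."""
    if len(payload) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is 0 for Modbus; length counts the bytes after the length field.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]

def review_flows(flows):
    """List Modbus/TCP flows to chargers from sources outside the allowlist."""
    findings = []
    for src, dst, dport, payload_hex in flows:
        if dport != MODBUS_TCP_PORT or ipaddress.ip_address(dst) not in CHARGER_NET:
            continue
        if ipaddress.ip_address(src) in ALLOWED_SOURCES:
            continue
        parsed = parse_mbap(bytes.fromhex(payload_hex))
        if parsed is None:
            kind = "malformed or non-Modbus payload"
        elif parsed[1] in WRITE_FUNCTIONS:
            kind = "write: " + WRITE_FUNCTIONS[parsed[1]]
        else:
            kind = f"read/other (function {parsed[1]})"
        findings.append((src, dst, kind))
    return findings

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS):
        print(*finding, sep="  ")
```

Write requests from non-allowlisted sources are the ones to escalate first, since they can change charger state; reads and malformed traffic still belong in the record of unexpected Modbus use.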
Evidence notes
The summary is based on the supplied CISA CSAF advisory ICSA-25-135-08 and its Siemens references. The advisory states that affected devices have the Modbus service enabled by default and that a same-network attacker could remotely control the EV charger. The timeline and publication date supplied with the source are 2025-05-13, and no KEV entry is present in the provided enrichment data.
Official resources
- CVE-2025-31930 CVE record (CVE.org)
- CVE-2025-31930 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed on 2025-05-13 in CISA advisory ICSA-25-135-08 and Siemens security advisories. The provided enrichment data indicates the CVE is not listed in CISA KEV.