Executive Summary

This vulnerability is a null pointer dereference in the EVerest EV charging software stack, specifically during the deserialization of a DC_ChargeLoopRes message that contains both a Receipt and TaxCosts. The issue occurs because the vector tax_costs in the Receipt structure is accessed out of bounds without being properly resized first. This causes the software to attempt to write to an uninitialized reference, leading to a crash (segmentation fault) of the module handling the message. As a result, the entire EVerest process and all its modules shut down, affecting all Electric Vehicle Supply Equipment (EVSE) operations. The problem is fixed in version 2025.10.0 by properly initializing and resizing the tax_costs vector before access. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause a denial of service by crashing the EVerest system that manages EVSE operations. When triggered, the module handling the DC_ChargeLoopRes message crashes due to a null pointer dereference, causing the entire EVerest process and all its modules to shut down. This results in unavailability of the EV charging infrastructure managed by EVerest, potentially disrupting EV charging services. The attack requires no privileges or user interaction and can be performed from an adjacent network. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for crashes or shutdowns of the EVerest ISO15118 charger module, specifically SIGSEGV (segmentation fault) signals occurring during the deserialization of DC_ChargeLoopRes messages containing Receipt and TaxCosts. Additionally, a proof of concept Python script exists that sends a crafted DC_ChargeLoopRes payload to trigger the crash, which can be used to test if a system is vulnerable. The script first sends an SDP request to establish a TCP connection, then sends the malicious payload. Monitoring logs for unexpected module terminations or using the PoC script to test the system can help detect the vulnerability. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the EVerest Evse15118D20 package to version 2025.10.0 or later, where the issue is fixed by properly initializing and resizing the tax_costs vector before accessing its elements during deserialization. Until the upgrade can be applied, monitoring for suspicious DC_ChargeLoopRes messages and restricting access from adjacent networks to reduce exposure may help reduce risk. [1]

Useful 0 Not Useful 0

Compliance Impact

This vulnerability impacts availability by causing a denial of service through crashing the EVerest system managing EVSE. However, it does not affect confidentiality or integrity of data. Therefore, it does not directly impact compliance with data protection standards like GDPR or HIPAA, which primarily focus on confidentiality and integrity of personal data. The main concern is system availability. [1]

Useful 0 Not Useful 0