CVE-2025-27769
Received Received - Intake
Improper Access Control in Heliox EV Chargers Enables Unauthorized Access

Publication date: 2026-03-10

Last updated on: 2026-03-10

Assigner: Siemens AG

Description
A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-10
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-27769
EUVD
EUVD-2025-208479
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
heliox flex_180_kw_ev_charging_station to F4.11.1 (exc)
heliox mobile_dc_40_kw_ev_charging_station to L4.10.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-923 The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Heliox Flex 180 kW and Heliox Mobile DC 40 kW EV Charging Stations running firmware versions prior to F4.11.1 and L4.10.1 respectively. It is caused by improper access control, which allows an attacker to reach unauthorized services through the charging cable.

Impact Analysis

An attacker exploiting this vulnerability could access unauthorized services on the affected EV charging stations via the charging cable. This could potentially lead to unauthorized communication or actions within the device, although the impact is rated low with a CVSS v3.1 base score of 2.6, indicating limited confidentiality impact and no integrity or availability impact.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate the vulnerability in Heliox EV Chargers, Siemens recommends updating the affected devices to the latest firmware versions: F4.11.1 or later for the Heliox Flex 180 kW and L4.10.1 or later for the Heliox Mobile DC 40 kW. Firmware updates are available via over-the-air (OTA) updates by contacting Siemens customer support.'}, {'type': 'paragraph', 'content': "Additionally, it is advised to protect network access to these devices using appropriate security mechanisms and to configure the operational environment according to Siemens' Industrial Security guidelines."}, {'type': 'paragraph', 'content': 'Further product-specific mitigations are detailed in the Siemens advisory and support can be obtained via Siemens ProductCERT.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-27769. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart