Full Report
The Heliox EV chargers listed below contain an improper access control vulnerability that could allow an attacker with physical access to reach unauthorized services via the charging cable. Siemens has released new versions of the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Improper Access Control in Heliox EV Chargers
## CVE Details
- **CVE ID:** CVE-2025-27769
- **CVSS Score:** 2.6 (Low) - CVSS v3.1 / 2.4 (Low) - CVSS v4.0
- **CWE:** CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
## Affected Systems
- **Products:**
- Heliox Flex 180 kW EV Charging Station
- Heliox Mobile DC 40 kW EV Charging Station
- **Versions:**
- Heliox Flex: All versions prior to F4.11.1
- Heliox Mobile DC: All versions prior to L4.10.1
- **Configurations:** Devices connected via physical charging cables.
## Vulnerability Description
The affected Heliox EV charging stations contain an improper access control vulnerability in the communication channel established over the charging cable. Because the endpoints of this channel are insufficiently restricted, an attacker who connects to the cable can bypass the intended access controls and reach services on the device's internal network or management interface that should not be exposed to the vehicle side.
## Exploitation
- **Status:** Not reported as exploited in the wild; no public PoC currently listed.
- **Complexity:** Low
- **Attack Vector:** Physical (Requires a physical connection to the device via the charging cable).
## Impact
- **Confidentiality:** Low (Possible unauthorized access to service information).
- **Integrity:** None
- **Availability:** None
## Remediation
### Patches
Siemens has released updates that address the flaw. The updates are delivered over the air (OTA); users are advised to contact Siemens customer support to facilitate them:
- **Heliox Flex 180 kW:** Update to version **F4.11.1** or later.
- **Heliox Mobile DC 40 kW:** Update to version **L4.10.1** or later.
### Workarounds
- Protect physical access to the charging stations to prevent unauthorized tampering or connection of non-EV equipment.
- Follow Siemens' operational guidelines for Industrial Security to ensure the devices are operated within a protected IT environment.
## Detection
- **Indicators of Compromise:** Unusual network traffic originating from the charging cable interface, or attempts to reach management services over the physical port from equipment that is not an EV.
- **Detection methods and tools:** Monitor internal device logs for service requests that do not originate from the expected charging-communication endpoint. Network segmentation that isolates charger management traffic is a containment measure rather than a detection method, but it limits what a cable-side connection can reach and reduces the noise among which anomalous traffic must be found.
## References
- **Siemens Security Advisory SSA-126399:** hxxps[://]cert-portal[.]siemens[.]com/productcert/html/ssa-126399[.]html
- **Siemens Industrial Security Guidelines:** hxxps[://]www[.]siemens[.]com/cert/operational-guidelines-industrial-security
- **Siemens ProductCERT:** hxxps[://]www[.]siemens[.]com/cert/advisories