Siemens Heliox EV Chargers

Low Risk | CVSS 3 | ICS-CERT ICSA-26-071-05 | Mar 10, 2026
Siemens | Manufacturing
Attack path
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Heliox EV Chargers (Flex 180 kW and Mobile DC 40 kW models) contain an improper access control vulnerability that allows an attacker with physical access to the charging cable connector to reach unauthorized internal services on the charging station. The vulnerability exists in versions prior to F4.11.1 (Flex 180 kW) and L4.10.1 (Mobile DC 40 kW). Siemens has released firmware updates to address this issue.

What this means
What could happen
An attacker with physical access to the charging cable connector could bypass access controls and reach unauthorized services on the charging station, potentially gaining access to sensitive operational or administrative functions.
Who's at risk
EV charging station operators managing Heliox Flex 180 kW or Heliox Mobile DC 40 kW chargers should be concerned. This affects public charging networks, fleet charging sites, and municipal EV infrastructure where physical access to chargers may be difficult to fully control.
How it could be exploited
An attacker must physically connect to the charging cable connector and interact with the charging station's internal services. The flaw lies in the access control mechanism that protects these services, which can be circumvented through direct physical contact with the device.
Prerequisites
  • Physical access to the charging cable connector or charging station hardware
  • No credentials or authentication required
Physical access exploitation | Improper access control | No authentication required | Affects critical infrastructure (EV charging)
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (2)
2 pending
Product | Affected Versions | Fix Status
Heliox Flex 180 kW EV Charging Station | <F4.11.1 | No fix yet
Heliox Mobile DC 40 kW EV Charging Station | <L4.10.1 | No fix yet
Remediation & Mitigation
Do now
HARDENING: Restrict physical access to charging stations and charging cable connectors to authorized personnel only; install physical security measures such as tamper-evident seals or surveillance
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Contact Siemens customer support for OTA (over-the-air) firmware update availability and apply patches to Heliox Flex 180 kW and Heliox Mobile DC 40 kW charging stations
HARDENING: Monitor charging station logs for unauthorized access attempts or anomalous service connections
Long-term hardening
HARDENING: Isolate charging station networks from business and administrative networks to limit impact if unauthorized service access occurs

Siemens Heliox EV Chargers | CVSS 3 - OTPulse