Refine your search
1 vulnerability found for Heliox Mobile DC 40 kW EV Charging Station by Siemens
CVE-2025-27769 (GCVE-0-2025-27769)
Vulnerability from cvelistv5
Published
2026-03-10 16:07
Modified
2026-03-10 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Summary
A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | Heliox Flex 180 kW EV Charging Station |
Version: 0 < F4.11.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T16:33:20.023387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:41:10.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Heliox Flex 180 kW EV Charging Station",
"vendor": "Siemens",
"versions": [
{
"lessThan": "F4.11.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Heliox Mobile DC 40 kW EV Charging Station",
"vendor": "Siemens",
"versions": [
{
"lessThan": "L4.10.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions \u003c F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions \u003c L4.10.1). Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:07:43.641Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-126399.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-27769",
"datePublished": "2026-03-10T16:07:43.641Z",
"dateReserved": "2025-03-06T16:53:49.577Z",
"dateUpdated": "2026-03-10T16:41:10.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}