VDB
ICSA-26-071-05
ICSA-26-071-05
PUBLISHED
CVSS 2.5999999046325684 LOW
Heliox EV Chargers listed below contain improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Risk Scores
CVSS v3.1
2.5999999046325684
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Heliox Flex 180 kW EV Charging Station | ||
| Heliox Mobile DC 40 kW EV Charging Station |
Timeline
- Mar 10, 2026 CVE Published
- Mar 12, 2026 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-126399.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-126399.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-071-05.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-05 advisory
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url