CVE-2025-40585
published 2025-06-10CVE-2025-40585: A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow…
PriorityP267critical9.9CVSS 3.1
AVNACLPRNUINSCCLIHAL
EPSS
0.33%
24.4th percentile
A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and tamper with outputs from the device.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | energy_services | < * | * |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts targeting G5DFR component via default credentials over the network (unauthenticated, no user interaction required, network-accessible) ↗
- →Monitor G5DFR web interface for login attempts using default/unchanged usernames and passwords, especially from external or unexpected IP addresses ↗
- →Alert on remote network access to Energy Services G5DFR devices that are internet-exposed; CVSS v3 score 9.9 with AV:N/AC:L/PR:N/UI:N indicates unauthenticated remote exploitation with no prerequisites ↗
- ·All versions of Siemens Energy Services using the G5DFR component are affected; no patched version is identified — mitigation relies solely on manual credential changes via the G5DFR web interface ↗
- ·No known public exploitation has been reported at time of advisory publication, but the vulnerability is remotely exploitable with low attack complexity and no authentication required ↗
CVSS provenance
nvdv3.19.9CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
nvdv4.09.5CRITICALCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens Energy Services
cisa_ics·2025-06-12·CVSS 9.9
[CRITICAL] Siemens Energy Services
ICS Advisory
##
Siemens Energy Services
Release DateJune 12, 2025
Alert CodeICSA-25-162-06
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Energy Services
- Vulnerability: Incorrect Default Permissions
## 2. RISK EVALUATION
Successful exploitation of this vulnerability coul
GHSA
GHSA-8rxv-vgf4-465c: A vulnerability has been identified in Energy Services (All versions with G5DFR)
ghsa_unreviewed·2025-06-10
CVE-2025-40585 [CRITICAL] CWE-276 GHSA-8rxv-vgf4-465c: A vulnerability has been identified in Energy Services (All versions with G5DFR)
A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and tamper with outputs from the device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-10
Published