CVE-2025-40585 | THREATINT

Description

A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and tamper with outputs from the device.

PUBLISHED Reserved 2025-04-16 | Published 2025-06-10 | Updated 2025-06-10 | Assigner siemens

CRITICAL: 9.9CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

CRITICAL: 9.5CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L

Problem types

CWE-276: Incorrect Default Permissions

Product status

Default status

unknown

Any version before *

affected

References

cert-portal.siemens.com/productcert/html/ssa-345750.html

cve.org (CVE-2025-40585)

nvd.nist.gov (CVE-2025-40585)

Download JSON