CVE-2025-40585 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-40585 PUBLISHED CVSS 9.899999618530273 CRITICAL

A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and tamper with outputs from the device.

EPSS 0.07% · 21.8th percentile

Risk Scores

CVSS v3.1

9.899999618530273

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

EPSS Score

0.07%

21.8th percentile

Affected Products

Vendor	Product	Versions
Siemens	Energy Services	0

Timeline

Jun 10, 2025 Coalition ESS Score
Jun 10, 2025 CVE Published
Jun 10, 2025 PoC Published
Jun 10, 2025 PoC Published
Jun 10, 2025 PoC Published
Jun 11, 2025 EPSS Score
Jun 12, 2025 Coalition ESS Score
Jun 12, 2025 PoC Published
Jun 21, 2025 EPSS Score
Jul 1, 2025 EPSS Score
Jul 11, 2025 EPSS Score
Jul 21, 2025 EPSS Score

References

Open in Interactive Console →