VDB
CVE-2025-40585
CVE-2025-40585
PUBLISHED
CVSS 9.899999618530273 CRITICAL
A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and tamper with outputs from the device.
EPSS 0.28% · 52.0th percentile
Risk Scores
CVSS 3.1
9.899999618530273
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
EPSS Score
0.28%
52.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Energy Services | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-40585 (circl-sighting)
- CIRCL seen: CVE-2025-40585 (circl-sighting)
- CIRCL seen: CVE-2025-40585 (circl-sighting)
- CIRCL seen: CVE-2025-40585 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-345750.html (circl)
Timeline
- Jun 10, 2025 Coalition ESS Score
- Jun 10, 2025 CVE Published
- Jun 10, 2025 PoC Published
- Jun 10, 2025 PoC Published
- Jun 10, 2025 PoC Published
- Jun 11, 2025 EPSS Score
- Jun 12, 2025 Coalition ESS Score
- Jun 12, 2025 PoC Published
- Jun 21, 2025 EPSS Score
- Jul 2, 2025 EPSS Score
- Jul 12, 2025 EPSS Score
- Jul 23, 2025 EPSS Score