PT-2025-24678 · Unknown · Energy Services
Published
2025-06-10
·
Updated
2025-06-10
·
CVE-2025-40585
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Energy Services versions with G5DFR
Description
A vulnerability has been identified in Energy Services where affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of the G5DFR component and tamper with outputs from the device.
Recommendations
For Energy Services versions with G5DFR, consider changing the default credentials to prevent unauthorized access. As a temporary workaround, restrict access to the G5DFR component to minimize the risk of exploitation.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Energy Services