Default credentials vulnerability discovered in Siemens Energy Services Digital Fault Recorder
Take action: Change all default usernames and passwords of Energy Services using the Elspec G5 Digital Fault Recorder. There are hardcoded well known credentials in the system that will be abused if not reset. Also, make sure to isolate the system from the internet and be accessible only from trusted networks.
Learn More
Siemens has patched a critical security vulnerability in Energy Services solutions that utilize the Elspec G5 Digital Fault Recorder (G5DFR).
The flaw is tracked as CVE-2025-40585 (CVSS score 9.9) - it's caused by hardcoded default credentials with admin privileges that could allow an attacker to gain control of the G5DFR component and tamper with outputs from the device
The vulnerability affects Energy Services from Siemens, previously known as Managed Applications and Services, which sell solutions using the Elspec G5 Digital Fault Recorder. A client configuration with remote access could allow an attacker to gain remote control of the G5DFR component and tamper outputs from the device.
All versions of Energy Services solutions that incorporate the G5DFR are affected by this vulnerability.
Siemens advises that users change the default usernames, passwords and permission levels on their Energy Services using Elspec G5 Digital Fault Recorder. As additional protection, Siemens strongly recommends implementing network segmentation and access controls to limit exposure of these devices to potential attackers.
