CVE-2025-40807
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gridscale | gridscale_x_prepay | 4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-294 | A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Gridscale X Prepay (all versions before V4.2.1) allows an attacker to perform capture-replay attacks on authentication tokens. Specifically, an authenticated user who has been locked out can still establish valid user sessions by replaying previously captured authentication tokens.
How can this vulnerability impact me? :
The vulnerability can allow a locked-out user to bypass lockout restrictions and establish valid sessions, potentially leading to unauthorized access to the system or user data despite lockout policies.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update Gridscale X Prepay to version 4.2.1 or later as recommended by Siemens. Additionally, ensure multi-level redundant secondary protection schemes are in place, especially if managing critical power systems such as TSOs and DSOs. Protect network access using firewalls, network segmentation, VPNs, and configure your environment according to Siemens operational guidelines. Apply security updates using Siemens-provided tools and documented procedures, validate updates before deployment, and supervise the update process by trained personnel. [1]