Siemens Energy Services

Monitor | CVSS 6.8 | ICS-CERT ICSA-25-345-08 | Dec 9, 2025
Siemens | Energy
Attack path
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Elspec G5 power quality monitoring devices allow an attacker with physical access to reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB port. This grants full administrative control over the device without requiring prior authentication. The vulnerability affects all versions of the device and no patch has been released by Siemens, only by Elspec (the original equipment manufacturer).

What this means
What could happen
An attacker with physical access to the device can reset the Admin password using a USB drive, gaining full control of the Elspec G5 device and potentially altering power measurement or monitoring parameters that affect grid operations.
Who's at risk
This affects organizations operating Siemens Energy Services solutions using Elspec G5 power quality monitoring and measurement devices. Any facility relying on G5 devices for grid visibility, power quality monitoring, or demand management in electric utilities or energy-intensive industrial plants should care.
How it could be exploited
An attacker gains physical access to the device, inserts a USB drive containing a publicly documented reset string, and uses the reset functionality to change the Admin password without authentication. Once logged in, the attacker can modify device configuration, measurement setpoints, or disable monitoring functions.
Prerequisites
  • Physical access to the Elspec G5 device and its USB port
  • USB drive with the publicly documented reset string
  • low complexity
  • no authentication required for physical attack
  • publicly documented attack method
  • physical access required but location in substations may be vulnerable to intruders
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
Energy Services | All versions | No fix yet
Remediation & Mitigation
Do now
HARDENING: Restrict physical access to the device by securing it in a locked cabinet or control room accessible only to authorized personnel
WORKAROUND: Disable or block USB ports on the device if the functionality is not required for operations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Elspec G5DFR to version V1.2.3.13 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate the G5 device from untrusted networks and the internet