OTPulse
FeedAboutContact

Siemens Energy Services

Monitor6.8ICS-CERT ICSA-25-345-08Dec 9, 2025
Attack VectorPhysical
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Siemens Energy Services solutions using Elspec G5 devices allow an attacker with physical access to reset the administrator password by inserting a USB drive containing a publicly documented reset string into a USB port. This grants full administrative control of the device without requiring any credentials or knowledge of the existing password. The vulnerability affects all versions of the G5DFR firmware.

What this means
What could happen
An attacker with physical access to a Siemens Elspec G5 device can reset the administrator password using a USB drive, potentially allowing them to take control of power monitoring and analysis equipment that protects grid operations.
Who's at risk
Energy utilities and power system operators using Siemens Elspec G5 power quality monitoring and analysis devices. This affects any organization relying on these devices to monitor grid stability and diagnose electrical faults.
How it could be exploited
An attacker inserts a USB drive containing a publicly documented reset string into the G5 device's USB port while the device is physically accessible. This bypasses authentication and resets the admin password, granting full device control.
Prerequisites
  • Physical access to the G5 device
  • A USB drive with the publicly documented reset string
  • Knowledge of the reset procedure (publicly documented)
Physical access requiredPublicly documented exploit methodNo authentication bypass detection built inAffects power quality monitoring systems
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
Energy ServicesAll versionsNo fix yet
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict physical access to G5 devices using locked cabinets, server rooms, or cages
HARDENINGIsolate G5 devices from business networks and place them behind firewalls; ensure they are not directly accessible from the internet
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Siemens Elspec G5DFR firmware to version 1.2.3.13 or later
HARDENINGMonitor G5 device access logs and USB activity for unauthorized reset attempts
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/38cbe987-4cdd-4b03-b50d-b691f1c48a36
Siemens Energy Services | CVSS 6.8 - OTPulse