Siemens Gridscale X Prepay

Monitor | CVSS 6.3 | ICS-CERT ICSA-25-345-09 | Dec 9, 2025
Siemens | Energy
Attack path
  • Attack Vector: Network
  • Auth Required: Low
  • Complexity: Low
  • User Interaction: None needed
Summary

Gridscale X Prepay versions before 4.2.1 contain two vulnerabilities: CWE-204 (information exposure) and CWE-294 (authentication bypass). An attacker with valid credentials can enumerate user accounts and keep using a session after the account has been locked out. This could allow manipulation of billing records or payment data in prepay meter management systems. Siemens released version 4.2.1 containing fixes for these issues.

What this means
What could happen
An attacker with valid credentials could enumerate user accounts on the prepay meter management system and maintain unauthorized session access even after being locked out, potentially allowing them to modify billing data or payment records.
Who's at risk
Water and electric utilities using Siemens Gridscale X Prepay for meter payment and billing administration. Anyone managing prepaid utility accounts or accessing the meter management system should prioritize this vulnerability, as it could lead to unauthorized billing changes or customer account tampering.
How it could be exploited
An attacker with network access to Gridscale X Prepay would submit requests to enumerate valid user names and maintain session access after lockout. This requires valid credentials to initiate the attack but does not require administrative privileges.
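As an added example (not Siemens code; the internals of Gridscale X Prepay are not public), a minimal Python login and session store that closes both weakness classes described above: a uniform failure response so usernames cannot be enumerated, and a lockout that revokes live sessions and is re-checked on every request. Constants, names and the SHA-256 hashing are constructed for the demo.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

# Constructed example, not Siemens code: a login/session store that avoids
# enumeration through response differences and sessions that outlive a lockout.
MAX_FAILURES, LOCKOUT_SECONDS = 5, 900
GENERIC_ERROR = "Invalid username or password"  # identical text for every failure
def _hash(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()  # demo only; use a slow KDF
@dataclass
class Account:
    pw_hash: bytes
    failures: int = 0
    locked_until: float = 0.0

class AuthService:
    def __init__(self):
        self.accounts: dict[str, Account] = {}
        self.sessions: dict[str, str] = {}   # session token -> username
        self._dummy = _hash("no-such-user")  # hashed for unknown users too

    def add_user(self, user: str, password: str) -> None:
        self.accounts[user] = Account(_hash(password))

    def login(self, user: str, password: str, now: float):
        acct = self.accounts.get(user)
        # Run the comparison even for unknown users, so neither timing nor the
        # error text reveals whether the account exists (CWE-204).
        ok = hmac.compare_digest(acct.pw_hash if acct else self._dummy, _hash(password))
        if acct is None or acct.locked_until > now or not ok:
            if acct is not None and acct.locked_until <= now:
                acct.failures += 1
                if acct.failures >= MAX_FAILURES:
                    acct.locked_until = now + LOCKOUT_SECONDS
                    self.revoke_sessions(user)  # a lockout must end live sessions
            return None, GENERIC_ERROR
        acct.failures = 0
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token, None

    def revoke_sessions(self, user: str) -> None:
        self.sessions = {t: u for t, u in self.sessions.items() if u != user}

    def validate_session(self, token: str, now: float):
        # Check the lockout on every request, not only at login time.
        user = self.sessions.get(token)
        if user is None or self.accounts[user].locked_until > now:
            return None
        return user
```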
Prerequisites
  • Network access to Gridscale X Prepay management interface (typically port 443/HTTPS)
  • Valid user account credentials for the prepay system
Tags: remotely exploitable, requires valid credentials, affects billing and revenue systems, user enumeration possible, session bypass possible
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
Gridscale X Prepay | < 4.2.1 | 4.2.1
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the Gridscale X Prepay management interface to authorized personnel only, using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Gridscale X Prepay to version 4.2.1 or later
Long-term hardening
HARDENING: Implement multi-factor authentication (MFA) or IP-based access controls for Gridscale X Prepay administrative accounts
HARDENING: Place Gridscale X Prepay behind a firewall on a protected meter management network segment, isolated from external networks and the business IT network