OTPulse

Multiple Vulnerabilities in Gridscale X Prepay

Monitor · CVSS 6.3 · SSA-356310 · Dec 9, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Gridscale X Prepay contains two vulnerabilities: improper input validation (CWE-204) that allows username enumeration and improper session validation (CWE-294) that permits bypass of locked user sessions. An authenticated attacker can discover valid user accounts and potentially regain access to terminated sessions. Siemens has released a patched version and recommends immediate update to the latest release.

What this means
What could happen
An attacker with network access and valid login credentials could enumerate user accounts and potentially bypass user session locks, gaining unauthorized access to the prepay billing system.
Who's at risk
Electric utilities and energy companies operating Gridscale X Prepay billing systems should prioritize this update. The vulnerability affects the customer billing and prepay management system, which is critical infrastructure for revenue collection and customer account security.
How it could be exploited
An attacker with valid credentials to Gridscale X Prepay could exploit information disclosure to enumerate valid usernames, then attempt to bypass locked-out user sessions to regain access without proper re-authentication. The attack requires already having some level of authenticated access to the web interface.
Prerequisites
  • Network access to the Gridscale X Prepay web interface
  • Valid user credentials to authenticate to the system
  • Knowledge that a user account is locked or that an attacker's session was terminated
remotely exploitable · requires valid credentials · user enumeration possible · affects billing system
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Gridscale X Prepay | < 4.2.1 | 4.2.1
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: Update Gridscale X Prepay to version 4.2.1 or later
Multiple Vulnerabilities in Gridscale X Prepay | CVSS 6.3 - OTPulse