SB20251210194 - Multiple vulnerabilities in Siemens Gridscale X Prepay
Published: December 10, 2025
Security Bulletin ID
SB20251210194
Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Observable Response Discrepancy (CVE-ID: CVE-2025-40806)
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to distinguishable responses. A remote attacker can determine if a user is valid or not.
2) Authentication Bypass by Capture-replay (CVE-ID: CVE-2025-40807)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to authentication bypass by capture-replay. A remote user can establish still valid user sessions.
Remediation
Install update from vendor's website.