Incorrect Default Permissions
CVE-2025-40585
Summary
A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and tamper with outputs from the device.
- LOW
- NETWORK
- HIGH
- CHANGED
- NONE
- NONE
- LOW
- LOW
CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
References
Advisory Timeline
- Published
