Siemens Gridscale X Prepay username enumeration and account lock bypass vulnerability

Overview Vulnerabilities have been identified in Siemens Gridscale X Prepay that allows unauthenticated username enumeration and enables an attacker to bypass account lock functionality. These issues may permit unauthorized access or prolonged access to protected resources, even after an account...

Siemens Gridscale X Prepay Information Disclosure Vulnerability

Siemens Gridscale X Prepay is an energy prepayment and customer management system from Siemens, Germany. Siemens Gridscale X Prepay suffers from an information disclosure vulnerability that stems from a distinguishable response, which can be exploited by an attacker to cause user enumeration...

CVE-2025-40806

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack wit...

CVE-2025-40807

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...

CVE-2025-40806

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack wit...

PT-2025-49834

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack wit...

Siemens Gridscale X Prepay 安全漏洞

Siemens Gridscale X Prepay is an energy prepayment and customer management system from Siemens, Germany. A security bypass vulnerability exists in Siemens Gridscale X Prepay, which stems from authentication token replay, and can be exploited by an attacker to cause session hijacking...