CVE-2025-59392 is a vulnerability identified in Elspec G5 devices running firmware versions through 1.2.2.19. The flaw allows an attacker with physical access to the device to reset the administrator password by inserting a USB drive containing a specific reset string, which is publicly documented. This reset string triggers the device to bypass normal authentication mechanisms and reset the admin password, effectively granting full administrative control over the device. The vulnerability arises from the device's design that accepts USB input for password reset without additional authentication or verification. Since the reset string is publicly known, any individual with physical access and a USB drive can exploit this vulnerability. The vulnerability does not require network access or prior credentials, but it does require physical proximity and interaction with the device. There is no CVSS score assigned yet, and no known exploits have been reported in the wild. The affected devices are typically used in industrial or energy management contexts, where Elspec G5 devices monitor and control electrical parameters. The lack of firmware patches or mitigations at the time of publication increases the risk. The vulnerability compromises the confidentiality and integrity of the device by allowing unauthorized administrative access, which could lead to manipulation of device settings or disruption of operations.

For European organizations, particularly those in industrial, energy, and critical infrastructure sectors where Elspec G5 devices are deployed, this vulnerability poses a significant risk. Unauthorized administrative access can lead to manipulation of device configurations, potentially disrupting energy management, monitoring, or control systems. This can affect operational continuity, data integrity, and confidentiality of sensitive operational data. The physical access requirement limits remote exploitation but highlights the importance of physical security controls. In environments with shared or less controlled physical access, such as manufacturing plants, substations, or utility facilities, the risk is elevated. The vulnerability could be leveraged for sabotage, espionage, or preparation for more extensive attacks on critical infrastructure. The absence of patches or mitigations at the time of disclosure means organizations must rely on procedural and physical security controls to mitigate risk. The impact on availability is indirect but possible if administrative changes disrupt device operation.

1. Enforce strict physical security controls around Elspec G5 devices, including locked cabinets, restricted access rooms, and surveillance to prevent unauthorized physical access. 2. Disable or physically block USB ports on the devices if the functionality is not required for normal operations. 3. Monitor and log physical access to areas where these devices are installed to detect suspicious activity. 4. Implement procedural controls such as requiring dual authorization for device maintenance and password resets. 5. Regularly audit device configurations and access logs to detect unauthorized changes. 6. Engage with the vendor to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 7. Consider network segmentation to isolate these devices from broader enterprise networks to limit the impact of potential compromise. 8. Educate personnel about the risks of physical access attacks and the importance of securing devices. 9. If possible, implement tamper-evident seals or alarms on device enclosures to detect unauthorized access attempts. 10. Maintain an incident response plan that includes procedures for handling physical security breaches and device compromise.