

Multiple SAP Products Vulnerabilities
May 13, 2025
Multiple WordPress Plugins Vulnerabilities
May 13, 2025
Severity
High
Analysis Summary
CVE-2025-40582 CVSS:7.8
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device.
CVE-2025-40581 CVSS:7.1
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters.
CVE-2025-40574 CVSS:7.8
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local attacker to interact with the backupmanager service.
CVE-2025-40566 CVSS:8.8
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.
Impact
- Gain Access
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-40582
CVE-2025-40581
CVE-2025-40574
CVE-2025-40566
Affected Vendors
Affected Products
- Siemens SCALANCE LPE9403 - 0
- Siemens SIMATIC PCS neo V4.1 - 0
- Siemens SIMATIC PCS neo V5.0 - 0
Remediation
Refer to the Siemens Security Advisory for patch, upgrade, or suggested workaround information.








