Severity
Medium
Analysis Summary
CVE-2025-40583 CVSS:4.4
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices transmit sensitive information in cleartext.
CVE-2025-40580 CVSS:6.7
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.
CVE-2025-40579 CVSS:6.7
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.
CVE-2025-40578 CVSS:4.3
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices do not properly handle multiple incoming Profinet packets received in rapid succession. An unauthenticated remote attacker can exploit this flaw by sending multiple packets in a very short time frame, which leads to a crash of the dcpd process.
CVE-2025-40577 CVSS:4.3
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.
CVE-2025-40576 CVSS:4.3
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.
CVE-2025-40575 CVSS:5.3
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.
CVE-2025-40573 CVSS:4.4
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups outside the backup folder.
Impact
- Denial of Service
- Code Execution
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2025-40583
- CVE-2025-40580
- CVE-2025-40579
- CVE-2025-40578
- CVE-2025-40577
- CVE-2025-40576
- CVE-2025-40575
- CVE-2025-40573
Affected Vendors
- Siemens
Affected Products
- Siemens SCALANCE LPE9403 Firmware
Remediation
Refer to Siemens Security Advisory for patch, upgrade, or suggested workaround information.

