Rewterz

ICS: Multiple Siemens Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-40582 (CVSS 7.8)

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device.
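The flaw class described above, as an added illustration that is not Siemens code and does not reproduce the actual LPE9403 defect: a privileged helper that interpolates a configuration parameter into a shell command line, next to the hardened pattern (allow-list validation, then argv with no shell). The parameter name, the use of `echo` as the stand-in privileged command and the attacker payload are all constructed for the demo.

```python
"""Added example (not Siemens code): an unsanitized configuration parameter
reaching a shell, and the hardened version. The 'hostname' parameter and the
use of `echo` as the privileged command are assumptions for illustration."""
import re
import subprocess

# Strict allow-list for the parameter (RFC 1123 hostname labels). Anything
# outside this alphabet, including ';', '|', '$', backticks and newlines, is
# rejected before it gets anywhere near a command line.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_command_unsafe(param: str) -> list[str]:
    """Vulnerable pattern: the parameter is interpolated into a shell string.

    When a root-owned service does this, whoever can write the parameter
    (a non-privileged local user editing a config file) appends commands.
    """
    return ["/bin/sh", "-c", f"echo {param}"]


def build_command_safe(param: str) -> list[str]:
    """Hardened pattern: validate against an allow-list, then pass the value
    as a single argv element with no shell in the path."""
    if not HOSTNAME_RE.fullmatch(param):
        raise ValueError(f"rejected configuration value: {param!r}")
    return ["echo", param]


def run(argv: list[str]) -> list[str]:
    """Execute the argv and return stdout lines (both builders feed this)."""
    out = subprocess.run(argv, capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


def demo() -> dict:
    # Constructed attacker-controlled value: a valid-looking hostname with a
    # second command appended.
    payload = "edge-01; echo INJECTED"
    result = {"unsafe": run(build_command_unsafe(payload))}
    try:
        build_command_safe(payload)
        result["safe"] = "accepted"
    except ValueError:
        result["safe"] = "rejected"
    result["safe_valid"] = run(build_command_safe("edge-01.plant.local"))
    return result


if __name__ == "__main__":
    print(demo())
```

The unsafe builder turns the payload into two commands (`echo edge-01` followed by `echo INJECTED`), which is exactly the local-to-root jump the advisory describes when the consuming process runs as root; the safe builder never lets the value reach a shell and refuses it outright because `;` and space are not in the allow-list.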

CVE-2025-40581 (CVSS 7.1)

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters.

CVE-2025-40574 (CVSS 7.8)

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local attacker to interact with the backupmanager service.
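The check a practitioner would run for this class of issue, as an added example that is not Siemens code and says nothing about how the LPE9403 service actually exposes itself: audit the permission bits on a service's local interface (socket, FIFO or file) for group/other access, then apply the corrected mode. The `backupmanager.sock` file name and the 0o666 starting mode are constructed for the demo.

```python
"""Added example (not Siemens code): audit the mode bits on a local service
endpoint and show the weak setting next to the corrected one. The socket
name and the 0o666 mode are constructed for the demo; the check is generic."""
import os
import socket
import stat
import tempfile


def unprivileged_access(mode: int) -> list[str]:
    """Return the ways a non-owner (group or other) can touch the resource.

    For a Unix socket, write permission on the socket file is what a client
    needs to connect, so 'world-writable' on a socket means any local user
    can talk to the service behind it.
    """
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if mode & stat.S_IRGRP:
        findings.append("group-readable")
    return findings


def audit(path: str) -> dict:
    """Describe one path: type, numeric mode, owner and the access findings."""
    st = os.lstat(path)
    if stat.S_ISSOCK(st.st_mode):
        kind = "socket"
    elif stat.S_ISFIFO(st.st_mode):
        kind = "fifo"
    else:
        kind = "file"
    return {
        "path": path,
        "type": kind,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "owner_uid": st.st_uid,
        "findings": unprivileged_access(st.st_mode),
    }


def harden(path: str, mode: int = 0o600) -> dict:
    """Corrected setting: owner-only access. Re-audit so the caller can confirm."""
    os.chmod(path, mode)
    return audit(path)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "backupmanager.sock")   # hypothetical name
        try:
            srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            srv.bind(p)
        except (AttributeError, OSError):
            # Platform without AF_UNIX: fall back to a plain file so the
            # mode-bit check still demonstrates the point.
            srv = None
            open(p, "w").close()
        os.chmod(p, 0o666)            # the weak setting
        weak = audit(p)
        fixed = harden(p)             # the corrected setting (0o600)
        if srv is not None:
            srv.close()
    return {"weak": weak["findings"], "fixed": fixed["findings"]}


if __name__ == "__main__":
    print(demo())
```

A `chmod` after the fact only holds until the service recreates its endpoint, so the durable fix is in the service itself (creation umask or an explicit `chmod`/`chown` right after bind); the audit is what tells you whether that fix is in place on a running device.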

CVE-2025-40566 (CVSS 8.8)

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.
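The failure mode described above, as an added example that is not Siemens code and does not describe how PCS neo manages sessions: a server-side session store whose logout only clears the client cookie (so a previously captured token keeps resolving) next to the fixed logout, plus the equivalent fix for a signed stateless token, which needs a server-side revocation set because a valid signature alone cannot express "logged out". The session lifetime, the signing key and the user names are constructed for the demo.

```python
"""Added example (not Siemens code): session handling that fails to invalidate
on logout, beside the fixed version, for an opaque server-side store and for a
signed stateless token. TTL, key and user names are constructed for the demo."""
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 8 * 3600   # assumed absolute lifetime in seconds


class SessionStore:
    """Opaque random token -> record. Revocation is deletion of the record."""

    def __init__(self, now=time.time):
        self._now = now
        self._sessions: dict[str, dict] = {}

    def login(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "expires": self._now() + SESSION_TTL}
        return token

    def logout_broken(self, token: str) -> None:
        # The flaw class: the UI drops its cookie, but the server record stays
        # valid until it expires, so a copied token keeps working.
        return None

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)

    def resolve(self, token: str):
        rec = self._sessions.get(token)
        if rec is None or rec["expires"] <= self._now():
            self._sessions.pop(token, None)
            return None
        return rec["user"]


class SignedTokenSessions:
    """Stateless HMAC token (JWT-like). Signature and expiry checks cannot see a
    logout; a server-side revocation set keyed by the token id is required."""

    def __init__(self, key: bytes, now=time.time):
        self._key = key
        self._now = now
        self._revoked: set[str] = set()

    def _sign(self, body: str) -> str:
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def login(self, user: str) -> str:
        body = f"{secrets.token_hex(8)}.{user}.{int(self._now()) + SESSION_TTL}"
        return f"{body}.{self._sign(body)}"

    def logout(self, token: str) -> None:
        self._revoked.add(token.split(".")[0])   # remember the token id

    def resolve(self, token: str, check_revocation: bool = True):
        body, _, sig = token.rpartition(".")
        if not hmac.compare_digest(sig, self._sign(body)):
            return None
        jti, user, exp = body.split(".")
        if int(exp) <= self._now():
            return None
        if check_revocation and jti in self._revoked:
            return None
        return user


def demo() -> dict:
    # The attacker already holds the victim's token "by other means"; the only
    # question is whether the victim's logout stops it working.
    clock = [1_700_000_000]
    store = SessionStore(now=lambda: clock[0])
    victim_token = store.login("operator")
    stolen = victim_token
    store.logout_broken(victim_token)
    after_broken = store.resolve(stolen)      # still "operator"
    store.logout(victim_token)
    after_fixed = store.resolve(stolen)       # None

    signed = SignedTokenSessions(key=b"demo-key", now=lambda: clock[0])
    t = signed.login("operator")
    signed.logout(t)
    return {
        "store_broken": after_broken,
        "store_fixed": after_fixed,
        "signed_no_denylist": signed.resolve(t, check_revocation=False),
        "signed_with_denylist": signed.resolve(t),
    }


if __name__ == "__main__":
    print(demo())
```

The test to run against any web front end after a fix is the same as `demo()`: capture a session token, log out through the UI, replay the token against an authenticated endpoint, and expect a rejection rather than the user's data. An absolute expiry still matters even with correct logout, since a token captured from a user who never logs out would otherwise stay valid indefinitely.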

Impact

  • Gain Access
  • Security Bypass

Indicators of Compromise

CVE

  • CVE-2025-40582

  • CVE-2025-40581

  • CVE-2025-40574

  • CVE-2025-40566

Affected Vendors

Siemens

Affected Products

  • Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
  • Siemens SIMATIC PCS neo V4.1
  • Siemens SIMATIC PCS neo V5.0

Remediation

Refer to the Siemens Security Advisory for patch, upgrade, or suggested workaround information. For SIMATIC PCS neo, the affected ranges above (all versions below V4.1 Update 3 and below V5.0 Update 1) indicate those update levels as the fixed versions. For SCALANCE LPE9403 all versions are listed as affected, so check the advisory for the current fix status before relying on a device update.

  • CVE-2025-40582
  • CVE-2025-40581
  • CVE-2025-40574
  • CVE-2025-40566