Severity
Medium
Analysis Summary
CVE-2025-40583 CVSS:4.4
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices transmit sensitive information in cleartext.
CVE-2025-40580 CVSS:6.7
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.
CVE-2025-40579 CVSS:6.7
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.
CVE-2025-40578 CVSS:4.3
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices do not properly handle multiple incoming Profinet packets received in rapid succession. An unauthenticated remote attacker can exploit this flaw by sending multiple packets in a very short time frame, which leads to a crash of the dcpd process.
CVE-2025-40577 CVSS:4.3
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.
CVE-2025-40576 CVSS:4.3
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.
CVE-2025-40575 CVSS:5.3
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.
CVE-2025-40573 CVSS:4.4
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups outside the backup folder.
Impact
- Denial of Service
- Code Execution
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2025-40583
- CVE-2025-40580
- CVE-2025-40579
- CVE-2025-40578
- CVE-2025-40577
- CVE-2025-40576
- CVE-2025-40575
- CVE-2025-40573
Affected Vendors
- Siemens
Affected Products
- Siemens SCALANCE LPE9403 Firmware
Remediation
Refer to the Siemens Security Advisory for patch, upgrade, or suggested workaround information.