CVE-2025-40573

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:scalance_lpe9403_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

History

30 May 2025, 17:07

Type Values Removed Values Added
CWE CWE-22
First Time Siemens scalance Lpe9403 Firmware
Siemens
Siemens scalance Lpe9403
Summary
  • (es) Se ha identificado una vulnerabilidad en SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (todas las versiones). Los dispositivos afectados son vulnerables a ataques de path traversal. Esto podría permitir que un atacante local con privilegios restaure copias de seguridad fuera de la carpeta de copias de seguridad.
CPE cpe:2.3:o:siemens:scalance_lpe9403_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*
References () https://cert-portal.siemens.com/productcert/html/ssa-327438.html - () https://cert-portal.siemens.com/productcert/html/ssa-327438.html - Vendor Advisory

13 May 2025, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-13 10:15

Updated : 2025-05-30 17:07


NVD link : CVE-2025-40573

Mitre link : CVE-2025-40573

CVE.ORG link : CVE-2025-40573


JSON object : View

Products Affected

siemens

  • scalance_lpe9403
  • scalance_lpe9403_firmware
CWE
CWE-35

Path Traversal: '.../...//'

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')