CVE-2025-40575

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:scalance_lpe9403_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

History

30 May 2025, 17:07

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/html/ssa-327438.html - () https://cert-portal.siemens.com/productcert/html/ssa-327438.html - Vendor Advisory
CWE NVD-CWE-noinfo
Summary
  • (es) Se ha identificado una vulnerabilidad en SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (todas las versiones). Los dispositivos afectados no validan correctamente los paquetes Profinet entrantes. Un atacante remoto no autenticado puede explotar esta vulnerabilidad enviando un paquete malicioso especialmente manipulado, lo que provoca un bloqueo del proceso dcpd.
CPE cpe:2.3:o:siemens:scalance_lpe9403_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*
First Time Siemens scalance Lpe9403 Firmware
Siemens
Siemens scalance Lpe9403

13 May 2025, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-13 10:15

Updated : 2025-05-30 17:07


NVD link : CVE-2025-40575

Mitre link : CVE-2025-40575

CVE.ORG link : CVE-2025-40575


JSON object : View

Products Affected

siemens

  • scalance_lpe9403
  • scalance_lpe9403_firmware
CWE
CWE-457

Use of Uninitialized Variable

NVD-CWE-noinfo