Input Sanitization Flaw in SCALANCE LPE9403 by Siemens
CVE-2025-27394

8.6HIGH

Key Information:

Vendor: Siemens
Status: Scalance Lpe9403
Vendor: CVE Published:; 11 March 2025

Summary

A vulnerability exists in the SCALANCE LPE9403 where user input is not adequately sanitized when new SNMP users are created. This flaw may permit a highly-privileged authenticated remote attacker to execute arbitrary code on the affected device, thus compromising security protocols and potentially allowing unauthorized access.

Affected Version(s)

SCALANCE LPE9403 0

References

https://cert-portal.siemens.com/productcert/html/ssa-0752...

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Feb 24, 2025