Elevation of Privileges in SCALANCE LPE9403 by Siemens
CVE-2025-27396

8.7HIGH

Key Information:

Vendor: Siemens
Status: Scalance Lpe9403
Vendor: CVE Published:; 11 March 2025

What is CVE-2025-27396?

A vulnerability has been detected in the SCALANCE LPE9403 that allows authenticated low-privileged remote attackers to escalate their privileges. This flaw arises from insufficient limitations on privilege elevation for certain legitimate functions, potentially enabling malicious users to gain unauthorized access to higher-level functionalities and sensitive data.

Affected Version(s)

SCALANCE LPE9403 0

References

https://cert-portal.siemens.com/productcert/html/ssa-0752...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Feb 24, 2025