Remote Code Execution Vulnerability in SCALANCE LPE9403 by Siemens
CVE-2025-27398

2.1LOW

Key Information:

Vendor: Siemens
Status: Scalance Lpe9403
Vendor: CVE Published:; 11 March 2025

Summary

A security vulnerability has been discovered in SCALANCE LPE9403 devices, specifically affecting all versions prior to V4.0. This issue arises from improper neutralization of special characters when processing user-controlled log paths. As a result, an authenticated remote attacker with elevated privileges could exploit this flaw to execute a limited set of existing binaries on the filesystem. Addressing this vulnerability is crucial for maintaining device integrity and safeguarding against potential security breaches.

Affected Version(s)

SCALANCE LPE9403 0

References

https://cert-portal.siemens.com/productcert/html/ssa-0752...

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Feb 24, 2025