Race Condition Vulnerability in SCALANCE and RUGGEDCOM Products
CVE-2025-40569

5.9MEDIUM

Key Information:

Vendor: Siemens
Status: Ruggedcom Rst2428p; Scalance Xc316-8; Scalance Xc324-4; Scalance Xc324-4 Eec
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-40569?

A vulnerability exists in the web interface of specific RUGGEDCOM and SCALANCE products which exposes a race condition in the 'Load Configuration from Local PC' feature. This flaw may allow an authenticated remote attacker to exploit the functionality, enabling them to load a manipulated configuration that could replace the legitimate one. The exploitation requires the legitimate administrator's interaction with the web interface, adding a layer of complexity to the attack vector.

Affected Version(s)

RUGGEDCOM RST2428P 0

SCALANCE XC316-8 0

SCALANCE XC324-4 0

References

https://cert-portal.siemens.com/productcert/html/ssa-6937...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 16, 2025

Siemens

What is CVE-2025-40569?

Affected Version(s)

References

CVSS V4

Timeline