Race Condition Vulnerability in SCALANCE and RUGGEDCOM Products
CVE-2025-40569

5.9MEDIUM

Key Information:

Vendor: Siemens
Status: Ruggedcom Rst2428p; Scalance Xch328; Scalance Xcm324; Scalance Xcm328
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-40569?

A vulnerability exists in the web interface of specific RUGGEDCOM and SCALANCE products which exposes a race condition in the 'Load Configuration from Local PC' feature. This flaw may allow an authenticated remote attacker to exploit the functionality, enabling them to load a manipulated configuration that could replace the legitimate one. The exploitation requires the legitimate administrator's interaction with the web interface, adding a layer of complexity to the attack vector.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RUGGEDCOM RST2428P 0

SCALANCE XCH328 0

SCALANCE XCM324 0

References

https://cert-portal.siemens.com/productcert/html/ssa-6937...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

Siemens