Improper Input Validation in SCALANCE LPE9403 Devices by Siemens
CVE-2025-40575

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Scalance Lpe9403
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-40575?

A vulnerability exists in Siemens SCALANCE LPE9403 devices, where improper validation of incoming Profinet packets can be exploited by unauthenticated remote attackers. By sending crafted malicious packets, these attackers may cause the dcpd process to crash, potentially leading to disruptions in network operations and exposing the impacted systems to further risks.

Affected Version(s)

SCALANCE LPE9403 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3274...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Apr 16, 2025