Remote Attack Vulnerability in SCALANCE LPE9403 by Siemens
CVE-2025-40578

5.3 MEDIUM

Key Information:

Vendor

Siemens

CVE Published:
13 May 2025

What is CVE-2025-40578?

SCALANCE LPE9403 devices do not properly handle incoming Profinet packets. An unauthenticated remote attacker can exploit this by sending multiple packets in a brief timeframe, which crashes the dcpd process. Organizations using this product should take immediate action to mitigate the risks associated with this flaw.

Affected Version(s)

SCALANCE LPE9403 0

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
