Local Privilege Escalation in SCALANCE LPE9403 by Siemens
CVE-2025-40582
8.5 HIGH
What is CVE-2025-40582?
A vulnerability has been identified in the SCALANCE LPE9403 device, affecting all versions with the SINEMA Remote Connect Edge Client installed. The device does not properly sanitize configuration parameters, which enables a non-privileged local attacker to execute commands as root on the device. An attacker could use this to perform unauthorized actions that compromise the integrity and functionality of the system.
Affected Version(s)
SCALANCE LPE9403 0
CVSS V4
Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved