Siemens SCALANCE LPE9403 VXLAN Configuration Arbitrary Code Execution Vulnerability

Vulnerability

A vulnerability exists in Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2) in all versions prior to V4.0. The issue arises because affected devices do not adequately sanitize user input when establishing new VXLAN configurations. This flaw could enable an authenticated, highly privileged remote attacker to execute arbitrary code on the device.

Impact

Exploitation of this vulnerability could lead to unauthorized arbitrary code execution on the affected device.

Remediation

Users are advised to update SCALANCE LPE9403 to version V4.0 or later. Additional guidance can be found on the Siemens support portal.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 7.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.