Primary

Context

Siemens SCALANCE LPE9403 SNMP User Creation Input Validation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Patched

A vulnerability exists in Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2) in all versions prior to 4.0. The issue arises because the device does not adequately sanitize user input when new SNMP users are created. This flaw could enable an authenticated, highly-privileged remote attacker to execute arbitrary code on the device.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the affected device.

Remediation

Users are advised to update SCALANCE LPE9403 to version 4.0 or later. Additional information can be found on the Siemens Industry Support website.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.1

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.1

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens SCALANCE LPE9403 SNMP User Creation Input Validation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

Siemens SCALANCE LPE9403

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating