Siemens SCALANCE LPE9403 SFTP Privilege Escalation Vulnerability

Vulnerability

A vulnerability exists in Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2) in all versions prior to 4.0. The SFTP functionality does not properly restrict the scope of accessible files or the privileges granted. This flaw could enable an authenticated, highly privileged remote attacker to read and write arbitrary files on the device.

Impact

Exploitation of this vulnerability could lead to unauthorized reading and writing of files on the affected device.

Remediation

Users are advised to update SCALANCE LPE9403 to version 4.0 or later. Additional information can be found on the Siemens support website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 5.0
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.