Siemens SCALANCE LPE9403 Log Path Vulnerability Allowing Arbitrary File Access

Vulnerability

A path traversal vulnerability has been identified in Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2) all versions prior to 4.0. The vulnerability arises because affected devices do not properly restrict user-controlled paths for log file writing and reading. This flaw could enable an authenticated, highly privileged remote attacker to read and write arbitrary files in the filesystem, provided the malicious path ends with 'log'.
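A suffix-only check of the kind the description implies, next to a check that canonicalizes the path and confines it to a log directory. This is an added example, not Siemens code; the function names, the log directory and the sample paths are assumptions constructed for illustration.

```python
import os
import tempfile

SUFFIX = "log"  # per the advisory, the path only has to end with 'log'

def suffix_only_check(user_path):
    """Assumed model of the flaw: nothing but the suffix is validated."""
    return user_path.endswith(SUFFIX)

def confine_to_log_dir(log_root, user_path):
    """Return the canonical path if it stays under log_root, else None."""
    if not user_path.endswith(SUFFIX):
        return None
    root = os.path.realpath(log_root)
    # realpath collapses '..' and resolves symlinks before the comparison;
    # joining with an absolute user_path yields that absolute path.
    candidate = os.path.realpath(os.path.join(root, user_path))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def demo():
    """Run both checks over constructed sample paths in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        log_root = os.path.join(tmp, "logs")
        outside = os.path.join(tmp, "outside")
        os.mkdir(log_root)
        os.mkdir(outside)
        # Symlink inside the log directory that points outside it.
        os.symlink(outside, os.path.join(log_root, "link"))
        samples = {
            "plain": "app.log",
            "subdir": "sub/app.log",
            "dotdot": "../outside/catalog",
            "absolute": os.path.join(outside, "x.log"),
            "symlink": "link/boot.log",
            "bad_suffix": "app.txt",
        }
        return {
            name: (suffix_only_check(p), confine_to_log_dir(log_root, p) is not None)
            for name, p in samples.items()
        }

if __name__ == "__main__":
    for name, (weak, strict) in demo().items():
        print(f"{name:10} suffix-only={weak!s:5} confined={strict}")
```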

Impact

Exploitation of this vulnerability could lead to unauthorized reading and writing of files in the device's filesystem, potentially allowing for further exploitation or manipulation of the device.

Remediation

Users are advised to update SCALANCE LPE9403 to version 4.0 or later. For more information, visit the Siemens Industry Support page.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 1.3
exploitability: 4.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.