Siemens SCALANCE LPE9403 Improper Input Sanitization Vulnerability Allowing Limited Binary Execution

Vulnerability

A vulnerability exists in Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2) in all versions prior to V4.0. The device does not properly sanitize user-controlled log paths, which allows an authenticated, highly privileged remote attacker to execute a limited set of binaries that are already present on the filesystem.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of binaries on the affected device.

Remediation

Users are advised to update SCALANCE LPE9403 to version 4.0 or later. Additional guidance can be found on the Siemens Industry Support website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 0.6
exploitability: 4.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.