Siemens SCALANCE LPE9403 Profinet Packet Validation Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Siemens SCALANCE LPE9403 devices (6GK5998-3GS00-2AC2, all versions). The issue arises because affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted packet, causing the dcpd process to crash.

Impact

Exploitation of this vulnerability leads to a crash of the dcpd process, causing a denial-of-service condition on the affected device.

Remediation

Siemens recommends disabling the Profinet Discovery and Configuration Protocol (DCP) service on affected devices. For general security, it is advised to protect network access to devices with appropriate measures and to follow Siemens' operational guidelines for Industrial Security.
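Where DCP has to stay enabled on a segment, a passive monitor can at least flag DCP frames whose length fields do not agree with the bytes actually on the wire. The sketch below is an added example, not code from Siemens or from this advisory, and it does not reproduce the flaw: the advisory does not say which field dcpd mishandles. The frame layout (EtherType 0x8892, DCP FrameIDs 0xFEFC to 0xFEFF, 10-byte header followed by Option/Suboption/Length blocks) is the general PROFINET DCP format and is an assumption not stated on this page; `check_dcp_frame` and the sample frames are constructed for illustration.

```python
import struct

PN_ETHERTYPE = 0x8892                              # PROFINET real-time EtherType
DCP_FRAME_IDS = {0xFEFC, 0xFEFD, 0xFEFE, 0xFEFF}   # Hello, Get/Set, Identify request/response
DCP_HEADER_LEN = 10    # ServiceID(1) ServiceType(1) Xid(4) ResponseDelay(2) DCPDataLength(2)

def check_dcp_frame(frame: bytes) -> list:
    """Return structural problems in a PN-DCP Ethernet frame ([] if none or not DCP)."""
    off = 12
    if len(frame) >= 18 and frame[12:14] == b"\x81\x00":
        off = 16                                   # skip a single 802.1Q VLAN tag
    if len(frame) < off + 4:
        return []
    ethertype, frame_id = struct.unpack_from("!HH", frame, off)
    if ethertype != PN_ETHERTYPE or frame_id not in DCP_FRAME_IDS:
        return []
    off += 4
    if len(frame) < off + DCP_HEADER_LEN:
        return ["truncated DCP header"]
    data_len = struct.unpack_from("!H", frame, off + 8)[0]
    off += DCP_HEADER_LEN
    present = len(frame) - off
    if data_len > present:
        return [f"DCPDataLength {data_len} exceeds the {present} bytes present"]
    end, problems = off + data_len, []
    while off < end:                               # walk Option/Suboption/Length blocks
        if end - off < 4:
            problems.append("truncated block header")
            break
        opt, sub, blen = struct.unpack_from("!BBH", frame, off)
        off += 4
        if blen > end - off:
            problems.append(f"block {opt:#04x}/{sub:#04x} length {blen} overruns DCP data")
            break
        off += blen + (blen & 1)                   # blocks are padded to an even length
    return problems

# Constructed sample frames (not captured traffic): an Identify-All request,
# and the same request with its block length changed from 0 to 64.
_ETH = bytes.fromhex("010ecf000000 020000000001 8892")
GOOD = _ETH + bytes.fromhex("fefe 0500 00000001 0001 0004 ffff0000")
BAD = _ETH + bytes.fromhex("fefe 0500 00000001 0001 0004 ffff0040")

if __name__ == "__main__":
    for name, frame in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_dcp_frame(frame) or "structurally consistent")
```

Frames flagged this way are worth correlating with dcpd restarts on the device; a clean result says only that the lengths are consistent, not that the frame is harmless.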

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 4.9
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.