Siemens SCALANCE LPE9403 Profinet Packet Handling Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Siemens SCALANCE LPE9403 devices (6GK5998-3GS00-2AC2, all versions). The issue arises because affected devices do not properly manage multiple incoming Profinet packets received in quick succession. This flaw can be exploited by an unauthenticated remote attacker, who can send multiple packets in a short time frame, causing the dcpd process to crash.

Impact

Exploitation of this vulnerability leads to a crash of the dcpd process, causing a denial-of-service condition on the device.

Remediation

Siemens recommends disabling the Profinet Discovery and Configuration Protocol (DCP) service on affected devices. For general security, it is advised to protect network access to devices with appropriate measures and to follow Siemens' operational guidelines for Industrial Security.
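
Where DCP cannot be disabled immediately, monitoring for the condition described above (many Profinet packets from one source in quick succession) is a useful compensating check. The following is an added example, not code from Siemens or from the original advisory: it flags source MAC addresses that exceed a DCP frame rate. The threshold of 20 frames per second, the function names and the sample frames are assumptions constructed for illustration; the advisory does not state a rate.

```python
import struct
from collections import defaultdict, deque

ETHERTYPE_PROFINET = 0x8892
ETHERTYPE_VLAN = 0x8100
DCP_FRAME_IDS = range(0xFEFC, 0xFF00)  # Hello, Get/Set, Identify request/response

def dcp_source(frame: bytes):
    """Return the source MAC if the Ethernet frame carries Profinet DCP, else None."""
    offset = 12
    if len(frame) >= 16 and struct.unpack_from("!H", frame, 12)[0] == ETHERTYPE_VLAN:
        offset = 16  # skip a single 802.1Q tag
    if len(frame) < offset + 4:
        return None
    ethertype, frame_id = struct.unpack_from("!HH", frame, offset)
    if ethertype != ETHERTYPE_PROFINET or frame_id not in DCP_FRAME_IDS:
        return None
    return frame[6:12].hex(":")

def find_bursts(capture, max_frames=20, window=1.0):
    """capture: time-ordered (timestamp_s, raw_frame) pairs. Returns {src_mac: peak count}."""
    recent, peaks = defaultdict(deque), {}
    for ts, frame in capture:
        src = dcp_source(frame)
        if src is None:
            continue
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] > window:  # drop timestamps that left the sliding window
            seen.popleft()
        if len(seen) > max_frames:  # assumed threshold, tune to the site's baseline
            peaks[src] = max(peaks.get(src, 0), len(seen))
    return peaks

def make_frame(src_hex, frame_id, ethertype=ETHERTYPE_PROFINET):
    """Build a constructed test frame addressed to the PN-DCP Identify multicast MAC."""
    dst = bytes.fromhex("010ecf000000")
    return dst + bytes.fromhex(src_hex) + struct.pack("!HH", ethertype, frame_id) + bytes(44)

# Constructed capture: one bursting source, one slow DCP source, one non-DCP source.
SAMPLE = sorted(
    [(i * 0.01, make_frame("020000000001", 0xFEFE)) for i in range(50)]
    + [(i * 2.0, make_frame("020000000002", 0xFEFE)) for i in range(5)]
    + [(i * 0.01, make_frame("020000000003", 0x8000)) for i in range(50)],
    key=lambda rec: rec[0],
)

if __name__ == "__main__":
    print(find_bursts(SAMPLE))
```

Feed it frames from a mirror port on the segment that hosts the affected devices, and alert on any source it returns.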

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 5.9
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.