How severe is CVE-2025-40575?

CVE-2025-40575 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2025-40575

Name: scalance_lpe9403
Author: siemens

4.3MEDIUM

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote

Veröffentlicht: 5/13/2025Aktualisiert: 7/8/2025

Beschreibung

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.

KI-AnalyseKI-gestützt

Betroffene Produkte

siemensscalance_lpe9403_firmware

siemensscalance_lpe9403

Referenzen

https://cert-portal.siemens.com/productcert/html/ssa-327438.html
Vendor Advisory