CVE-2025-40574

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker to interact with the backupmanager service.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:scalance_lpe9403_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

History

04 Jun 2025, 16:33

Type Values Removed Values Added
CPE cpe:2.3:o:siemens:scalance_lpe9403_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*
First Time Siemens
Siemens scalance Lpe9403
Siemens scalance Lpe9403 Firmware
References () https://cert-portal.siemens.com/productcert/html/ssa-327438.html - () https://cert-portal.siemens.com/productcert/html/ssa-327438.html - Vendor Advisory
Summary
  • (es) Se ha identificado una vulnerabilidad en SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (todas las versiones). Los dispositivos afectados no asignan correctamente los permisos a recursos críticos. Esto podría permitir que un atacante local sin privilegios interactúe con el servicio BackupManager.

13 May 2025, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-13 10:15

Updated : 2025-06-04 16:33


NVD link : CVE-2025-40574

Mitre link : CVE-2025-40574

CVE.ORG link : CVE-2025-40574


JSON object : View

Products Affected

siemens

  • scalance_lpe9403
  • scalance_lpe9403_firmware
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource