ID
VAR-202505-1596
CVE
CVE-2025-40573
TITLE
Siemens' SCALANCE LPE9403 Path traversal vulnerability in firmware
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder. The Siemens SCALANCE LPE9403 is a local processing engine designed by Siemens for industrial field data processing. It is used to capture, collect, and pre-process industrial field data
Trust: 2.16
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | scalance lpe9403 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | シーメンス | model: | scalance lpe9403 | scope: | eq | version: | scalance lpe9403 firmware | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance lpe9403 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance lpe9403 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance lpe9403 hf0 | scope: | lt | version: | v4.0 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-35 | Trust: 1.0 |
| problemtype: | CWE-22 | Trust: 1.0 |
| problemtype: | Path traversal (CWE-22) [NVD evaluation ] | Trust: 0.8 |
| problemtype: | path traversal (.../...//)(CWE-35) [ others ] | Trust: 0.8 |
PATCH
| title: | Patch for Siemens SCALANCE LPE9403 Path Traversal Vulnerability (CNVD-2025-17601) | url: | https://www.cnvd.org.cn/patchInfo/show/715281 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-40573 | Trust: 3.2 |
| db: | SIEMENS | id: | SSA-327438 | Trust: 1.8 |
| db: | ICS CERT | id: | ICSA-25-135-18 | Trust: 0.8 |
| db: | JVN | id: | JVNVU92528757 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2025-006097 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-17601 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-327438.html | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-40573 | Trust: 1.4 |
| url: | https://jvn.jp/vu/jvnvu92528757/ | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-18 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2025-17601 |
| db: | JVNDB | id: | JVNDB-2025-006097 |
| db: | NVD | id: | CVE-2025-40573 |
LAST UPDATE DATE
2025-08-07T21:00:07.805000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-17601 | date: | 2025-08-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-006097 | date: | 2025-06-02T05:30:00 |
| db: | NVD | id: | CVE-2025-40573 | date: | 2025-07-08T11:15:27.797 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-17601 | date: | 2025-08-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-006097 | date: | 2025-06-02T00:00:00 |
| db: | NVD | id: | CVE-2025-40573 | date: | 2025-05-13T10:15:26.773 |