CVE-2025-40581 HIGH

CVE-2025-40581

Vendor Siemens
Product SCALANCE LPE9403
Weakness CWE-288
Published May 13, 2025
Last update May 13, 2025

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
May 13, 2025 Record updated