VYPR

SCALANCE LPE9403

by Siemens Foundation

CVEs (23)

  • CVE-2023-27407 | Critical | May 9, 2023
    risk 0.64 | cvss 9.9 | epss 0.01

    A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the…

  • CVE-2025-27396 | High | Mar 11, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowly-privileged remote…

  • CVE-2025-40582 | High | May 13, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root…

  • CVE-2025-40574 | High | May 13, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local attacker to interact with the backupmanager service.

  • CVE-2025-27395 | High | Mar 11, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged…

  • CVE-2025-27394 | High | Mar 11, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code…

  • CVE-2025-27393 | High | Mar 11, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the…

  • CVE-2025-27392 | High | Mar 11, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. This could allow an authenticated highly-privileged remote attacker to execute…

  • CVE-2025-40581 | High | May 13, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the…

  • CVE-2025-40580 | Medium | May 13, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a…

  • CVE-2025-40579 | Medium | May 13, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a…

  • CVE-2025-40572 | Medium | May 13, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local attacker to access sensitive information stored on the…

  • CVE-2025-40583 | Medium | May 13, 2025
    risk 0.29 | cvss 4.4 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext. This could allow a privileged local attacker to retrieve this sensitive…

  • CVE-2025-40573 | Medium | May 13, 2025
    risk 0.29 | cvss 4.4 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder.

  • CVE-2025-40578 | Medium | May 13, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly handle multiple incoming Profinet packets received in rapid succession. An unauthenticated remote attacker can exploit this flaw by sending multiple…

  • CVE-2025-40577 | Medium | May 13, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet,…

  • CVE-2025-40576 | Medium | May 13, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet,…

  • CVE-2025-40575 | Medium | May 13, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet,…

  • CVE-2025-27397 | Low | Mar 11, 2025
    risk 0.25 | cvss 3.8 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. This could allow an authenticated highly-privileged remote…

  • CVE-2023-27408 | Low | May 9, 2023
    risk 0.21 | cvss 3.3 | epss 0.00

    A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with…

Page 1 of 2