CVE-2025-40568
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). An internal session termination functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to terminate legitimate users' sessions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | RUGGEDCOM RST2428P | 0 < V3.2 | affected |
| Siemens | SCALANCE XCH328 | 0 < V3.2 | affected |
| Siemens | SCALANCE XCM324 | 0 < V3.2 | affected |
| Siemens | SCALANCE XCM328 | 0 < V3.2 | affected |
| Siemens | SCALANCE XCM332 | 0 < V3.2 | affected |
| Siemens | SCALANCE XRH334 (24 V DC, 8xFO, CC) | 0 < V3.2 | affected |
| Siemens | SCALANCE XRM334 (230 V AC, 12xFO) | 0 < V3.2 | affected |
| Siemens | SCALANCE XRM334 (230 V AC, 8xFO) | 0 < V3.2 | affected |
| Siemens | SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) | 0 < V3.2 | affected |
| Siemens | SCALANCE XRM334 (24 V DC, 12xFO) | 0 < V3.2 | affected |
| Siemens | SCALANCE XRM334 (24 V DC, 8xFO) | 0 < V3.2 | affected |
| Siemens | SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) | 0 < V3.2 | affected |
| Siemens | SCALANCE XRM334 (2x230 V AC, 12xFO) | 0 < V3.2 | affected |
| Siemens | SCALANCE XRM334 (2x230 V AC, 8xFO) | 0 < V3.2 | affected |
| Siemens | SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) | 0 < V3.2 | affected |
Weaknesses
- CWE-863: CWE-863: Incorrect Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.