CVE-2025-40568

Summary

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). An internal session termination functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to terminate legitimate users' sessions.

Affected Software

VendorProductVersion RangeStatus
SiemensRUGGEDCOM RST2428P0 < V3.2affected
SiemensSCALANCE XCH3280 < V3.2affected
SiemensSCALANCE XCM3240 < V3.2affected
SiemensSCALANCE XCM3280 < V3.2affected
SiemensSCALANCE XCM3320 < V3.2affected
SiemensSCALANCE XRH334 (24 V DC, 8xFO, CC)0 < V3.2affected
SiemensSCALANCE XRM334 (230 V AC, 12xFO)0 < V3.2affected
SiemensSCALANCE XRM334 (230 V AC, 8xFO)0 < V3.2affected
SiemensSCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)0 < V3.2affected
SiemensSCALANCE XRM334 (24 V DC, 12xFO)0 < V3.2affected
SiemensSCALANCE XRM334 (24 V DC, 8xFO)0 < V3.2affected
SiemensSCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)0 < V3.2affected
SiemensSCALANCE XRM334 (2x230 V AC, 12xFO)0 < V3.2affected
SiemensSCALANCE XRM334 (2x230 V AC, 8xFO)0 < V3.2affected
SiemensSCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)0 < V3.2affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References