CVE-2025-40573

Summary

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder.

Affected Software

VendorProductVersion RangeStatus
SiemensSCALANCE LPE94030 < V4.0 HF0affected

Weaknesses

  • CWE-35: CWE-35: Path Traversal: '…/…//'

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References