Siemens SCALANCE LPE9403 Third-Party Vulnerabilities
Act Now | CVSS 9.8 | ICS-CERT ICSA-22-167-09 | Jun 14, 2022
Siemens
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in third-party components (CivetWeb, Docker, Linux Kernel, systemd) in SCALANCE LPE9403 devices running firmware versions prior to 2.0 could allow remote code execution and compromise of confidentiality, integrity, and availability. The vulnerabilities include path traversal (CWE-22), incorrect access control (CWE-665, CWE-281, CWE-732), resource exhaustion (CWE-770), and information disclosure (CWE-200).
What this means
What could happen
An attacker with network access could execute commands on the SCALANCE LPE9403 device, potentially accessing sensitive network data, modifying device configuration or firewall rules, or disrupting network connectivity for critical industrial systems.
Who's at risk
Network device administrators managing Siemens SCALANCE LPE9403 Ethernet protection appliances in industrial networks, particularly those used in water authorities, electric utilities, and manufacturing facilities to provide perimeter security and network segmentation.
How it could be exploited
An attacker on the network sends specially crafted requests targeting third-party component vulnerabilities in the device's web interface or services. No authentication is required. Successful exploitation allows arbitrary code execution on the device with the privileges of the running service, potentially leading to full device compromise.
Prerequisites
- Network reachability to the SCALANCE LPE9403 device on HTTP/HTTPS ports
- Device running firmware version prior to 2.0
Remotely exploitable | No authentication required | Low complexity attack | Actively exploited (KEV) | High EPSS score (82.7%) | Affects network infrastructure
Exploitability
Actively exploited — confirmed by CISA KEV
Metasploit module available — weaponized exploit
Public Proof-of-Concept (PoC) on GitHub (10 repositories)
Affected products (12)
12 with fix
Product | Affected Versions | Fix Status
RUGGEDCOM ROX MX5000 | < 2.17.0 | 2.17.0
RUGGEDCOM ROX MX5000RE | < 2.17.0 | 2.17.0
RUGGEDCOM ROX RX1400 | < 2.17.0 | 2.17.0
RUGGEDCOM ROX RX1500 | < 2.17.0 | 2.17.0
RUGGEDCOM ROX RX1501 | < 2.17.0 | 2.17.0
RUGGEDCOM ROX RX1510 | < 2.17.0 | 2.17.0
RUGGEDCOM ROX RX1511 | < 2.17.0 | 2.17.0
RUGGEDCOM ROX RX1512 | < 2.17.0 | 2.17.0
Remediation & Mitigation
Do now
SCALANCE LPE9403
- HOTFIX: Update SCALANCE LPE9403 firmware to version 2.0 or later
- WORKAROUND: Restrict network access to the SCALANCE LPE9403 management interface using firewall rules and access control lists
Long-term hardening
- HARDENING: Segment industrial network to limit exposure of the device to untrusted networks
CVEs (92)
CVE-2018-1000876, CVE-2018-7169, CVE-2019-12900, CVE-2019-9893, CVE-2020-21047, CVE-2020-22217, CVE-2021-35550, CVE-2021-35559, CVE-2021-35564, CVE-2021-35567, CVE-2021-35586, CVE-2021-35588, CVE-2021-36084, CVE-2021-36086, CVE-2021-38185, CVE-2021-47361, CVE-2022-0492, CVE-2022-0850, CVE-2022-1734, CVE-2022-23039, CVE-2022-24958, CVE-2022-27223, CVE-2022-2964, CVE-2022-30594, CVE-2022-34903, CVE-2022-37032, CVE-2022-41858, CVE-2022-48626, CVE-2022-48926, CVE-2022-48948, CVE-2022-48960, CVE-2022-48962, CVE-2022-48966, CVE-2022-48967, CVE-2022-49058, CVE-2023-27043, CVE-2023-28322, CVE-2023-29383, CVE-2023-29491, CVE-2023-41358, CVE-2023-46218, CVE-2023-4641, CVE-2023-46753, CVE-2023-47234, CVE-2024-0397, CVE-2024-11168, CVE-2024-12133, CVE-2024-12243, CVE-2024-28085, CVE-2024-32487, CVE-2024-50602, CVE-2024-52533, CVE-2024-5642, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2025-0938, CVE-2021-47358, CVE-2022-0435, CVE-2022-1353, CVE-2022-20141, CVE-2022-23040, CVE-2022-2639, CVE-2022-28390, CVE-2022-3424, CVE-2022-36123, CVE-2022-37434, CVE-2022-48624, CVE-2022-48919, CVE-2022-48951, CVE-2018-12934, CVE-2018-9234, CVE-2019-14866, CVE-2020-12762, CVE-2020-35525, CVE-2021-35556, CVE-2021-35561, CVE-2021-35565, CVE-2021-35578, CVE-2021-35603, CVE-2021-36085, CVE-2021-36087, CVE-2020-27304, CVE-2021-20317, CVE-2021-33910, CVE-2021-36221, CVE-2021-39293, CVE-2021-41089, CVE-2021-41091, CVE-2021-41092, CVE-2021-41103, CVE-2022-0847