Siemens SCALANCE LPE9403
Action: Plan Patch
CVSS: 8.8
Source: ICS-CERT ICSA-25-072-06
Date: Mar 11, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
The SCALANCE LPE9403 is affected by multiple vulnerabilities (CWE-78 arbitrary command execution, CWE-22 path traversal, CWE-273 authentication bypass) that could allow an authenticated attacker to compromise confidentiality, integrity, and availability of the device. Siemens has released a firmware update (V4.0) that resolves these issues.
What this means
What could happen
An attacker with network and login access to the SCALANCE LPE9403 could execute arbitrary commands, read or modify configuration files, or disrupt operations on connected industrial equipment.
Who's at risk
Water utilities, municipal electric systems, and industrial facilities relying on the Siemens SCALANCE LPE9403 managed Ethernet switch for network communications in their control systems. This device is commonly used in industrial automation to connect PLCs, RTUs, and field instruments.
How it could be exploited
An attacker must reach the device over the network and provide valid login credentials. Once authenticated, the attacker could execute arbitrary system commands (CWE-78), access restricted files (CWE-22), or bypass authentication controls (CWE-273) to impact confidentiality, integrity, or availability of the device and downstream equipment it manages.
Prerequisites
- Network access to the SCALANCE LPE9403 device
- Valid user credentials (login required)
- Device running software version earlier than V4.0
Tags: remotely exploitable · authentication required · low complexity attack · vendor patch available · CVSS 8.8 (high severity)
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
Product             Affected Versions   Fix Status
SCALANCE LPE9403    < V4.0              4.0
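As an added example, not part of the advisory, the check below applies the affected range from the table (SCALANCE LPE9403 running anything earlier than V4.0) to a device inventory so that patch work can be scheduled per host. The hostnames, the second product name and every firmware string in the sample inventory are constructed, and the version-string format assumed is the Siemens "V<major>.<minor>[.<patch>]" style; devices whose firmware string cannot be parsed are reported separately rather than silently treated as fixed.

```python
import re

# Affected range as stated in the advisory table: SCALANCE LPE9403, versions < V4.0, fixed in V4.0.
AFFECTED_PRODUCT = "SCALANCE LPE9403"
FIXED_VERSION = "V4.0"

# Assumed firmware format: optional leading 'V', then dot-separated integers (e.g. "V3.2.1").
_VERSION_RE = re.compile(r"^[Vv]?(\d+(?:\.\d+)*)")


def parse_version(text):
    """Turn a firmware string such as 'V3.2.1' into a tuple of ints.
    Raises ValueError when the string carries no leading numeric version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(a, b):
    """Right-pad two version tuples with zeros so 'V4.0' and 'V4.0.0' compare equal."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_affected(product, version):
    """True when the device is a SCALANCE LPE9403 in the advisory's affected range (< V4.0)."""
    if product.strip().upper() != AFFECTED_PRODUCT.upper():
        return False
    current, fixed = _pad(parse_version(version), parse_version(FIXED_VERSION))
    return current < fixed


def triage(inventory):
    """Split (hostname, product, firmware) rows into hosts needing the V4.0 update,
    hosts already fixed or out of scope, and hosts whose firmware string is unreadable."""
    affected, clear, unknown = [], [], []
    for host, product, firmware in inventory:
        try:
            (affected if is_affected(product, firmware) else clear).append(host)
        except ValueError:
            unknown.append(host)  # never assume "unreadable" means "safe"
    return {"affected": affected, "clear": clear, "unknown": unknown}


# Constructed sample inventory; these are not real devices or real firmware levels.
SAMPLE_INVENTORY = [
    ("lpe-plant-a", "SCALANCE LPE9403", "V3.1"),
    ("lpe-plant-b", "SCALANCE LPE9403", "V4.0"),
    ("lpe-plant-c", "SCALANCE LPE9403", "V3.2.1"),
    ("lpe-plant-d", "SCALANCE LPE9403", "V4.1"),
    ("lpe-plant-e", "SCALANCE LPE9403", "unknown"),
    ("other-dev-1", "OTHER-PRODUCT (placeholder)", "V2.0"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The padded comparison matters because Python compares tuples lexicographically, so an unpadded `(4, 0) < (4, 0, 0)` would wrongly flag a device reporting exactly the fixed version as still affected.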
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the SCALANCE LPE9403 using firewall rules to limit connections to only authorized management workstations and engineering stations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update SCALANCE LPE9403 to firmware version V4.0 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate the SCALANCE LPE9403 and other control system devices from the business network and the internet
HARDENING: Deploy remote access through a VPN when engineering or remote management is required, instead of direct internet exposure
CVEs (7)
API:
/api/v1/advisories/e1f8892c-0eca-497a-961d-8effc488a39f