Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0
Priority: Act Now
CVSS score: 9.8
Advisory ID: SSA-222547
Published: Jun 14, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in third-party components—CivetWeb, Docker, Linux Kernel, and systemd—present in SCALANCE LPE9403 before V2.0 allow remote attackers to compromise confidentiality, integrity, and availability without authentication. These vulnerabilities are in active exploitation.
What this means
What could happen
An attacker could gain remote access to the SCALANCE LPE9403 industrial Ethernet switch and run arbitrary commands without authentication, potentially disrupting network connectivity throughout your facility or altering switch configuration.
Who's at risk
This affects water authorities and electric utilities using SCALANCE LPE9403 industrial Ethernet switches for network infrastructure. These switches are often critical backbone devices providing connectivity between control systems, SCADA platforms, and field devices. Compromise could isolate or disrupt multiple control networks simultaneously.
How it could be exploited
An attacker on the network or with network access to the device can send specially crafted requests to exploit unpatched third-party components (CivetWeb, Docker, Linux Kernel, systemd) running on the switch. No credentials or user interaction are required. The attacker gains code execution and can then modify routing rules, disrupt traffic, or pivot to other network devices.
Prerequisites
- Network reachability to SCALANCE LPE9403 management interface or data ports
- No authentication required
- Device running firmware version before V2.0
Tags:
- Actively exploited (KEV)
- Remotely exploitable
- No authentication required
- Low complexity attack
- High EPSS score (82.7%)
- Affects network infrastructure devices
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product            Affected Versions   Fix Status
SCALANCE LPE9403   < V2.0              2.0
Remediation & Mitigation
Do now
HOTFIX: Update SCALANCE LPE9403 firmware to version 2.0 or later
WORKAROUND: Immediately restrict network access to the SCALANCE LPE9403 management interface using firewall rules or network segmentation until the firmware update can be applied
Long-term hardening
HARDENING: Segregate SCALANCE LPE9403 onto a dedicated management network segment with strict access controls
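As an added example that is not part of the advisory, the following Python helper triages an asset inventory against the affected range stated above (SCALANCE LPE9403 below V2.0) and pairs each hit with the HOTFIX and WORKAROUND actions; the hostnames and the second product line are constructed sample data.

```python
import re
from typing import List, Tuple

# Constructed inventory rows: (hostname, product, firmware). Hostnames and the
# non-LPE product line are made up for this example.
INVENTORY: List[Tuple[str, str, str]] = [
    ("lpe-plant-01", "SCALANCE LPE9403", "V1.2.1"),
    ("lpe-plant-02", "SCALANCE LPE9403", "V2.0"),
    ("lpe-plant-03", "SCALANCE LPE9403", "V1.9.99"),
    ("lpe-plant-04", "SCALANCE LPE9403", "V2.1.0"),
    ("sw-core-01", "SCALANCE XC208", "V4.3"),
]

AFFECTED_PRODUCT = "SCALANCE LPE9403"
FIXED_VERSION = "2.0"  # advisory: affected < V2.0, fix status 2.0

HOTFIX = "HOTFIX: update firmware to V2.0 or later"
WORKAROUND = "WORKAROUND: restrict network access to the management interface until patched"


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn 'V1.9.99' or '2.0' into a tuple of ints for numeric comparison."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", v.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {v!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def version_lt(a: str, b: str) -> bool:
    """Numeric 'a < b' with zero padding so that V2 and V2.0 compare equal."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    return ta + (0,) * (n - len(ta)) < tb + (0,) * (n - len(tb))


def is_affected(product: str, firmware: str) -> bool:
    """True only for the advisory's product in the affected (< V2.0) range."""
    return product == AFFECTED_PRODUCT and version_lt(firmware, FIXED_VERSION)


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return (hostname, firmware, required actions) for every affected device."""
    return [(host, fw, f"{HOTFIX}; {WORKAROUND}")
            for host, product, fw in inventory if is_affected(product, fw)]


if __name__ == "__main__":
    for host, fw, actions in triage(INVENTORY):
        print(f"{host} ({fw}): {actions}")
```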
CVEs (10)