Multiple Vulnerabilities in SCALANCE LPE9403
Plan Patch | 7.8 | SSA-327438 | May 13, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
SCALANCE LPE9403 is affected by multiple vulnerabilities including insecure permissions (CWE-732), off-by-one errors (CWE-35), uninitialized variables (CWE-457), null pointer dereference (CWE-476), buffer over-read (CWE-125), and buffer overflow (CWE-121), along with weak authentication (CWE-288), command injection (CWE-78), and unencrypted transmission (CWE-319). These allow local attackers with valid credentials to compromise confidentiality, integrity, and availability of the switch and dependent network traffic. Siemens has released firmware V4.0 HF0 as a fix for some product variants and is preparing further updates for others.
What this means
What could happen
An attacker with local access to the SCALANCE LPE9403 could execute arbitrary code, modify configuration, or stop network operations through multiple unpatched vulnerabilities. This affects any industrial network that depends on this Ethernet switch for connectivity between control systems.
Who's at risk
Water authorities and electric utilities using SCALANCE LPE9403 managed Ethernet switches for industrial network backbone connectivity. This includes any facility where the switch interconnects PLCs, RTUs, HMIs, or SCADA servers. The risk is highest in plants where the switch is in the main control network path.
How it could be exploited
An attacker with local access to the device (via physical console, SSH, or local web interface) can exploit memory corruption, authentication bypass, or command injection vulnerabilities to run commands on the switch, modify its routing or filtering rules, or crash it entirely. The attack requires only local credentials, not remote network access.
Prerequisites
- Local access to SCALANCE LPE9403 management interface (SSH, console, or web UI)
- Valid local credentials or physical access to console port
- Device running firmware version earlier than V4.0 HF0
- Low complexity exploitation
- Multiple vulnerability types (memory corruption, authentication bypass, command injection)
- Affects critical network infrastructure
- No remote exploitation required but local access is privileged
- Siemens advisory indicates active investigation and future patches forthcoming
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SCALANCE LPE9403 | All versions < V4.0 HF0 | 4.0 HF0
SCALANCE LPE9403 | All versions | 4.0 HF0
Remediation & Mitigation
Do now
- HARDENING: Restrict local console and SSH access to authorized engineering staff only; use strong unique passwords and disable default accounts
- WORKAROUND: Disable unnecessary management interfaces (web UI, SSH) if your operational procedures allow console-only management
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SCALANCE LPE9403
- HOTFIX: Update SCALANCE LPE9403 to firmware version 4.0 HF0 or later if available for your device variant
Long-term hardening
SCALANCE LPE9403
- HARDENING: Place SCALANCE LPE9403 on an isolated management network separate from production control traffic; require jump hosts or bastion access for any remote management
CVEs (12)