PwnKit Vulnerability in SCALANCE LPE9403 and SINUMERIK Edge Products (CVE-2021-4034)

An unprivileged user with local access to the device could gain administrative control, potentially allowing them to modify system configurations, disable safety features, or disrupt normal operations of the SCALANCE industrial switch or SINUMERIK Edge system.

This vulnerability affects operators of Siemens SCALANCE LPE9403 industrial network switches and SINUMERIK Edge manufacturing control systems. Any facility using these products for energy or manufacturing automation should prioritize patching. The risk is highest in environments where staff or contractors have legitimate local access to these devices.

An attacker with local shell access (or who has obtained a standard user account on the device) can exploit a flaw in the pkexec utility to escalate their privileges to root without requiring valid administrative credentials. Once elevated, they can execute arbitrary commands with full system control.