PatchSiren cyber security CVE debrief
CVE-2025-27392 Siemens CVE debrief
CVE-2025-27392 affects Siemens SCALANCE LPE9403 devices and involves improper sanitization of user input when creating new VXLAN configurations. According to the advisory, an authenticated, highly privileged remote attacker could leverage the flaw to execute arbitrary code on the device. CISA published the advisory on 2025-03-11 and later revised it on 2025-05-06 for typo fixes only.
- Vendor
- Siemens
- Product
- SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-11
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-03-11
- Advisory updated
- 2025-05-06
Who should care
Organizations operating Siemens SCALANCE LPE9403 devices, especially OT/industrial network teams and administrators who can create or manage VXLAN configurations. Security and patch management teams responsible for Siemens industrial equipment should also prioritize review.
Technical summary
The published advisory describes a network-reachable code execution condition tied to VXLAN configuration handling on the SCALANCE LPE9403 (6GK5998-3GS00-2AC2). The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C) indicates that exploitation is remote, requires high privileges, and needs no user interaction. The supplied corpus does not provide a full affected-version range, but it does identify remediation guidance to update to V4.0 or later.
Defensive priority
High. The combination of remote reachability, code execution impact, and OT/industrial context makes this a priority patching and access-control review item for environments using the affected Siemens device.
Recommended defensive actions
- Update Siemens SCALANCE LPE9403 to V4.0 or later using the vendor remediation guidance.
- Restrict and audit who can create or modify VXLAN configurations, since exploitation requires authenticated high privileges.
- Review management-plane access controls and administrative account hygiene for the affected device.
- Monitor Siemens and CISA advisory pages for any additional clarification or follow-up guidance.
- If immediate patching is not possible, apply compensating controls that reduce exposure of device administration interfaces and configuration workflows.
Evidence notes
All findings are drawn from the supplied CISA CSAF advisory (ICSA-25-072-06), the Siemens security advisory references, and the provided CVSS vector. The source corpus states that the vulnerability is due to improper input sanitization during creation of new VXLAN configurations and that remediation is to update to V4.0 or later. The advisory revision on 2025-05-06 is described as fixing typos only, so the issue/publication date remains 2025-03-11.
Official resources
-
CVE-2025-27392 CVE record
CVE.org
-
CVE-2025-27392 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2025-03-11 in CISA ICS Advisory ICSA-25-072-06, with a revision on 2025-05-06 for typo fixes only. The supplied corpus links the issue to Siemens SCALANCE LPE9403 and points to vendor remediation guidance.