PatchSiren cyber security CVE debrief
CVE-2025-27393 Siemens CVE debrief
CVE-2025-27393 is a high-severity Siemens advisory affecting the SCALANCE LPE9403 (6GK5998-3GS00-2AC2). The issue is in how user input is sanitized when creating new users. According to the advisory, an authenticated, highly privileged remote attacker could exploit the weakness to execute arbitrary code on the device. Siemens lists a fix in V4.0 or later.
- Vendor: Siemens
- Product: SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-03-11
- Advisory updated: 2025-05-06
Who should care
Organizations operating Siemens SCALANCE LPE9403 devices should care, especially those that allow delegated administrative access or use privileged remote administration. Security teams responsible for OT/ICS asset management, patching, and account governance should prioritize it.
Technical summary
The vendor and CISA CSAF describe a user-input sanitization failure in the new-user creation workflow. The attack vector is network-based with high privileges required and no user interaction. The supplied CVSS vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicates significant potential impact if exploited, including full compromise of confidentiality, integrity, and availability on the device.
Defensive priority
High. The vulnerability requires high privileges, but the impact is severe and the affected product is an industrial device. Prioritize patching where the product is exposed to remote administration or where privileged credentials are widely available.
Recommended defensive actions
- Update Siemens SCALANCE LPE9403 devices to V4.0 or later, as directed by the vendor advisory.
- Restrict and monitor privileged remote access to the device, especially accounts that can create users.
- Review account-creation and administration workflows for unnecessary privilege exposure.
- Use defense-in-depth controls appropriate for ICS/OT environments, including segmentation and access restriction.
- Validate that asset inventories identify any deployed SCALANCE LPE9403 units and track remediation status.
Evidence notes
The supplied source advisory (ICSA-25-072-06 / Siemens SSA-075201) was published on 2025-03-11 and revised on 2025-05-06 for typo fixes. The advisory states that affected devices do not properly sanitize user input when creating new users and that an authenticated highly privileged remote attacker could execute arbitrary code on the device. The remediation listed is to update to V4.0 or later. No KEV entry was provided in the source corpus.
Official resources
- CVE-2025-27393 CVE record (CVE.org)
- CVE-2025-27393 NVD detail (NVD)
- Source item: CISA CSAF (cisa_csaf)
Publicly disclosed in the Siemens/CISA advisory on 2025-03-11 and revised on 2025-05-06 for typo fixes. No KEV listing was provided in the supplied corpus.