PatchSiren cyber security CVE debrief
CVE-2025-27394 Siemens CVE debrief
CVE-2025-27394 affects Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2). According to the advisory, the device does not properly sanitize user input when creating new SNMP users, which could allow an authenticated, highly privileged remote attacker to execute arbitrary code on the device. Siemens lists remediation as updating to V4.0 or later.
- Vendor: Siemens
- Product: SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-03-11
- Advisory updated: 2025-05-06
Who should care
Organizations running Siemens SCALANCE LPE9403 devices, especially OT/industrial environments where privileged administrators manage SNMP settings. Network and ICS security teams should also care if administrative access to the device is exposed or broadly shared.
Technical summary
The issue is an input-sanitization weakness in the SNMP user creation path on the affected Siemens device. The published CVSS vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C) indicates a network-reachable flaw that requires high privileges but no user interaction, with potential high impact to confidentiality, integrity, and availability. The source advisory names one affected product: SCALANCE LPE9403 (6GK5998-3GS00-2AC2).
Defensive priority
High. Although exploitation requires authenticated, highly privileged access, the impact is severe and the attack path is remote. Prioritize this for any exposed or operationally critical SCALANCE LPE9403 deployment, and especially where SNMP administration is actively used.
Recommended defensive actions
- Update Siemens SCALANCE LPE9403 devices to V4.0 or later, per the vendor remediation.
- Restrict access to device administration interfaces to only trusted management hosts and personnel.
- Review who has the privileged credentials used to create or manage SNMP users, and remove unnecessary access.
- Monitor for unusual SNMP administration activity or unexpected changes to device configuration.
- Follow CISA and Siemens industrial control system hardening guidance for defense-in-depth and least-privilege administration.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-072-06 for CVE-2025-27394, published on 2025-03-11 and revised on 2025-05-06 for typo fixes only. The advisory identifies Siemens as the vendor, the affected product as SCALANCE LPE9403 (6GK5998-3GS00-2AC2), and the remediation as updating to V4.0 or later. The CVSS vector supplied in the advisory is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C. No KEV entry is provided in the supplied corpus.
Official resources
- CVE-2025-27394 CVE record (CVE.org)
- CVE-2025-27394 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Public advisory disclosed on 2025-03-11; revised on 2025-05-06 for typo fixes. No known exploitation campaign or KEV listing is included in the supplied corpus.