PatchSiren cyber security CVE debrief
CVE-2025-40573 Siemens CVE debrief
CVE-2025-40573 affects Siemens SCALANCE LPE9403 devices. According to the advisory, a path traversal weakness could allow a privileged local attacker to restore backups from outside the intended backup folder. The issue was published by CISA on 2025-05-13 and carries a CVSS v3.1 score of 4.4 (Medium). At publication time, Siemens indicated there was no fix available and recommended restricting access to authorized and trusted personnel only.
- Vendor
- Siemens
- Product
- SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
- CVSS
- MEDIUM 4.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-05-13
- Original CVE updated
- 2025-05-13
- Advisory published
- 2025-05-13
- Advisory updated
- 2025-05-13
Who should care
Operators and maintainers of Siemens SCALANCE LPE9403 deployments, especially environments where privileged local access is possible or not tightly controlled. Industrial control and OT teams should also care because the advisory is published through CISA/ICS channels.
Technical summary
The advisory describes a path traversal condition in Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2). The stated impact is limited to a privileged local attacker and is consistent with the supplied CVSS vector AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N. The disclosed effect is integrity-focused: unauthorized restoration of backups outside the backup directory. No fix was available in the source advisory at the time of publication.
Defensive priority
Medium. The attack requires local access and high privileges, which narrows exposure, but the integrity impact and lack of a fix justify prompt access-control hardening and monitoring in affected environments.
Recommended defensive actions
- Restrict access to the device to authorized and trusted personnel only, as stated in the advisory.
- Review who has privileged local access to affected SCALANCE LPE9403 systems and remove unnecessary access.
- Protect backup workflows and verify that restore operations are limited to intended directories and approved operators.
- Monitor vendor and CISA advisory updates for a future fix or additional mitigation guidance.
- Apply general ICS defense-in-depth and access-control practices referenced by the advisory when operating OT assets.
Evidence notes
The source CSAF advisory (ICSA-25-135-18) states: 'Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder.' The advisory metadata lists Siemens as the vendor, SCALANCE LPE9403 (6GK5998-3GS00-2AC2) as the affected product, CVSS v3.1 vector AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N, publication date 2025-05-13, and remediation guidance of restricting access to authorized and trusted personnel with no fix available at publication.
Official resources
-
CVE-2025-40573 CVE record
CVE.org
-
CVE-2025-40573 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA CSAF/ICS advisory ICSA-25-135-18 on 2025-05-13; the CVE and source advisory share the same publication date in the provided timeline.