PatchSiren cyber security CVE debrief
CVE-2025-40576 Siemens CVE debrief
CVE-2025-40576 affects Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2) and involves insufficient validation of incoming Profinet packets. According to the advisory, an unauthenticated attacker on an adjacent network can send a specially crafted packet that causes the dcpd process to crash. The impact is availability-only, and Siemens listed a mitigation to disable the Profinet Discovery and Configuration Protocol (DCP) service while noting that no fix was available at the time of publication.
- Vendor: Siemens
- Product: SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-05-13
- Original CVE updated: 2025-05-13
- Advisory published: 2025-05-13
- Advisory updated: 2025-05-13
Who should care
Operators and maintainers of Siemens SCALANCE LPE9403 devices, especially industrial-control environments that use Profinet/DCP. Network defenders who manage OT segmentation and device hardening should also review exposure to adjacent-network traffic.
Technical summary
The advisory describes a packet-processing flaw in the device’s Profinet handling path. Incoming Profinet packets are not properly validated, allowing an unauthenticated remote attacker to submit a malicious packet that triggers a crash in the dcpd process. The supplied CVSS vector (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) indicates adjacent-network reachability, low attack complexity, no privileges or user interaction, and limited availability impact.
Defensive priority
Medium. This is a denial-of-service issue rather than a confidentiality or integrity compromise, but it can still disrupt OT communications or device availability. Priority should be elevated if the device is reachable from untrusted or broadly shared industrial network segments.
Recommended defensive actions
- Disable the Profinet Discovery and Configuration Protocol (DCP) service on affected devices, per the vendor mitigation.
- Restrict adjacent-network access to the device with OT network segmentation and allowlisting where feasible.
- Limit exposure of Profinet-related traffic to only trusted management and automation segments.
- Monitor affected devices for unexpected dcpd process crashes or service interruptions.
- Track Siemens and CISA advisories for a future fix or updated guidance before re-enabling affected functionality.
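As an added example (not part of the advisory or of Siemens material), the segmentation and allowlisting actions above can be checked against mirrored traffic by flagging DCP frames whose source MAC is outside an allowlist. The EtherType 0x8892, the DCP frame IDs and the multicast address come from the PROFINET specification rather than this advisory; the MAC addresses, allowlist and sample frames are constructed for illustration.

```python
import struct

ETH_P_8021Q = 0x8100     # 802.1Q VLAN tag
ETH_P_PROFINET = 0x8892  # PROFINET EtherType (from the PROFINET spec, not the advisory)
DCP_FRAME_IDS = {        # PROFINET DCP frame IDs
    0xFEFC: "Hello",
    0xFEFD: "Get/Set",
    0xFEFE: "Identify request",
    0xFEFF: "Identify response",
}

def classify_dcp(frame: bytes):
    """Return (src_mac, dcp_type) if the frame is PROFINET DCP, else None."""
    if len(frame) < 14:
        return None
    src = frame[6:12].hex(":")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_P_8021Q and len(frame) >= 18:
        # Skip the 4-byte VLAN tag; the real EtherType follows it.
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype != ETH_P_PROFINET or len(frame) < offset + 2:
        return None  # not PROFINET, or truncated before the frame ID
    (frame_id,) = struct.unpack_from("!H", frame, offset)
    name = DCP_FRAME_IDS.get(frame_id)
    return (src, name) if name else None

def unexpected_dcp(frames, allowed_macs):
    """List DCP frames whose source MAC is not on the allowlist."""
    allowed = {m.lower() for m in allowed_macs}
    hits = (classify_dcp(raw) for raw in frames)
    return [h for h in hits if h and h[0] not in allowed]

# Constructed sample data: headers only, DCP payloads omitted.
DST = bytes.fromhex("010ecf000000")  # DCP Identify multicast address

def _eth(src_hex, body, vlan=None):
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    return DST + bytes.fromhex(src_hex) + tag + body

ALLOWED = ["02:00:00:00:00:01"]  # hypothetical engineering station
SAMPLE_FRAMES = [
    _eth("020000000001", struct.pack("!HH", ETH_P_PROFINET, 0xFEFE)),
    _eth("020000000099", struct.pack("!HH", ETH_P_PROFINET, 0xFEFD), vlan=10),
    _eth("020000000099", struct.pack("!H", 0x0806) + b"\x00" * 28),  # ARP
    _eth("020000000099", struct.pack("!H", ETH_P_PROFINET)),         # truncated
]
```

Source MACs can be spoofed at layer 2, so a hit list like this supports monitoring and segmentation review rather than replacing the vendor mitigation of disabling DCP.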
Evidence notes
All substantive claims are taken from the CISA CSAF advisory ICSA-25-135-18 and the referenced Siemens advisory materials. The advisory states the affected product, the packet-validation weakness, the unauthenticated attacker model, the dcpd crash outcome, the mitigation to disable DCP, and that no fix was available at publication. The published date used here is 2025-05-13 from the provided CVE and source timeline.
Official resources
- CVE-2025-40576 CVE record (CVE.org)
- CVE-2025-40576 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed on 2025-05-13 in CISA advisory ICSA-25-135-18 and the corresponding Siemens advisory materials.