PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-40581 Siemens CVE debrief

CVE-2025-40581 is a high-severity authentication bypass affecting Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2). According to the advisory, a non-privileged local attacker could bypass authentication of the SINEMA Remote Connect Edge Client and read or modify configuration parameters. Siemens’ advisory and the CISA CSAF publication both state that no fix is currently available, so access restriction and operational hardening are the primary defenses for now.

Vendor: Siemens
Product: SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-05-13
Original CVE updated: 2025-05-13
Advisory published: 2025-05-13
Advisory updated: 2025-05-13

Who should care

OT and industrial-control operators using Siemens SCALANCE LPE9403 devices, especially teams managing local administrative access, maintenance workflows, and site-level physical or console access. Asset owners, OT security engineers, and incident responders should also pay attention because the issue allows configuration tampering rather than just information disclosure.

Technical summary

The vulnerability is an authentication bypass with local attack requirements and low privilege requirements (CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, score 7.1). The supplied advisory text says the bypass can let a non-privileged local attacker defeat authentication for the SINEMA Remote Connect Edge Client and then read and modify configuration parameters. The source corpus does not provide a fixed version or patch, and the remediation guidance instead focuses on limiting access to trusted personnel.

Defensive priority

High. This is a meaningful integrity and confidentiality issue for OT edge devices because configuration tampering can affect availability indirectly and may be used to alter device behavior. Priority is elevated by the absence of an available fix in the supplied advisory. Treat as an access-control hardening item until Siemens provides remediation.

Recommended defensive actions

  • Restrict physical and local access to the affected SCALANCE LPE9403 device to authorized and trusted personnel only, as stated in the advisory.
  • Review which users and service accounts have local access or maintenance access to the Edge Client and remove unnecessary privileges.
  • Monitor configuration changes and administrative actions for unexpected modifications until a vendor fix is available.
  • Segment the device and associated management interfaces so that only required engineering or maintenance endpoints can reach them.
  • Track Siemens and CISA advisory updates for a future patch or updated mitigation guidance.

Evidence notes

The source corpus identifies Siemens as the vendor, SCALANCE LPE9403 (6GK5998-3GS00-2AC2) as the affected product, and CVE-2025-40581 as the advisory’s CVE. The advisory description states that affected devices are vulnerable to an authentication bypass that can let a non-privileged local attacker bypass authentication of the SINEMA Remote Connect Edge Client and read/modify configuration parameters. The remediation section explicitly says to restrict access to authorized and trusted personnel and notes that currently no fix is available. Timeline fields show publication and modification on 2025-05-13.

Official resources

Published by CISA and the vendor on 2025-05-13. The supplied corpus does not indicate KEV listing, ransomware use, or a public exploitation campaign. The issue is local in nature and currently has no available fix in the supplied advisory.