PatchSiren cyber security CVE debrief
CVE-2025-40582 Siemens CVE debrief
CVE-2025-40582 is a high-severity Siemens advisory affecting the SCALANCE LPE9403 (6GK5998-3GS00-2AC2). According to the CISA CSAF advisory published on 2025-05-13, affected devices do not properly sanitize configuration parameters, which could allow a non-privileged local attacker to execute root commands on the device. The advisory states that no fix is currently available, so defenders should rely on access restriction and trusted-management practices while monitoring Siemens guidance for updates.
- Vendor
- Siemens
- Product
- SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-05-13
- Original CVE updated
- 2025-05-13
- Advisory published
- 2025-05-13
- Advisory updated
- 2025-05-13
Who should care
Industrial control system operators, plant administrators, and Siemens SCALANCE LPE9403 owners should care most, especially environments where local access, shared maintenance accounts, or trusted remote-management paths exist. Security teams responsible for OT/ICS hardening and access control should also prioritize this advisory.
Technical summary
The issue is a local privilege-escalation condition in Siemens SCALANCE LPE9403 devices. The supplied advisory description says configuration parameters are not properly sanitized, enabling a non-privileged local attacker to run root commands. The provided CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, consistent with a serious local attack that can impact confidentiality, integrity, and availability. The source corpus does not provide affected firmware versions or a fixed release; it explicitly says no fix is available at publication time.
Defensive priority
High. Although the attack requires local access and low privileges, the impact is root-level command execution on an industrial device and the advisory lists no available fix. Environments with interactive access, shared admin workflows, or weak account separation should treat this as urgent to contain through access controls and operational hardening.
Recommended defensive actions
- Restrict access to the device to authorized and trusted personnel only, as recommended in the Siemens advisory.
- Use only trusted SINEMA Remote Connect Servers for remote connectivity.
- Review local account and maintenance access paths to minimize any opportunity for a low-privilege user to reach the affected device.
- Apply Siemens and CISA advisory updates as soon as a fix or further mitigation becomes available.
- Follow CISA ICS recommended practices and defense-in-depth guidance for industrial control systems.
- Monitor device access and administrative activity for unexpected local command execution or configuration changes.
Evidence notes
All substantive claims in this debrief are taken from the supplied CISA CSAF advisory data for ICSA-25-135-18 / CVE-2025-40582 and the associated Siemens references. The corpus identifies Siemens as the vendor, SCALANCE LPE9403 (6GK5998-3GS00-2AC2) as the affected product, the flaw as improper sanitization of configuration parameters, the attacker as non-privileged and local, and the impact as root-command execution. The advisory publication date is 2025-05-13. No affected version range, exploit details, or fixed release was provided in the supplied source corpus.
Official resources
-
CVE-2025-40582 CVE record
CVE.org
-
CVE-2025-40582 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Published by CISA and Siemens on 2025-05-13. The supplied advisory indicates no fix was available at publication time.