#VU105647 Improper Check for Dropped Privileges in SCALANCE LPE9403 - CVE-2025-27396


Vulnerability identifier: #VU105647

Vulnerability risk: Medium

CVSSv4.0: 7.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2025-27396

CWE-ID: CWE-273

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
SCALANCE LPE9403
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Siemens

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. A remote user can gain elevated privileges on the target system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

SCALANCE LPE9403: before 4.0


External links
https://cert-portal.siemens.com/productcert/html/ssa-075201.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

