CVE-2025-27397

Name of the Vulnerable Software and Affected Versions SCALANCE LPE9403 versions prior to V4.0

Description A vulnerability has been identified where affected devices do not properly limit user-controlled paths to which logs are written and from where they are read. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if the malicious path ends with 'log'.

Recommendations For versions prior to V4.0, update to version V4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the filesystem to minimize the risk of exploitation. Avoid using paths that end with 'log' in the affected devices until the issue is resolved.