CVE-2025-27398

Name of the Vulnerable Software and Affected Versions SCALANCE LPE9403 versions prior to V4.0

Description A vulnerability has been identified where affected devices do not properly neutralize special characters when interpreting user-controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of binaries that are already present on the filesystem.

Recommendations For versions prior to V4.0, update to version V4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the log paths to minimize the risk of exploitation. Avoid using special characters in user-controlled log paths until the issue is resolved.