CVE-2025-40575

Name of the Vulnerable Software and Affected Versions SCALANCE LPE9403 versions all versions

Description A vulnerability has been identified in SCALANCE LPE9403 devices, where they do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.

Recommendations As a temporary workaround, consider restricting access to the Profinet packets until a patch is available. Avoid using the vulnerable dcpd process in the affected SCALANCE LPE9403 devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.