CVE-2025-40577

Name of the Vulnerable Software and Affected Versions: SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions)

Description: A vulnerability has been identified where affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.

Recommendations: For SCALANCE LPE9403 (6GK5998-3GS00-2AC2), consider implementing proper validation of incoming Profinet packets to prevent the dcpd process from crashing. As a temporary workaround, restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.