CVE-2025-40578

Name of the Vulnerable Software and Affected Versions: SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions)

Description: A flaw has been identified in the handling of multiple incoming Profinet packets received in rapid succession. An unauthenticated remote attacker can exploit this issue by sending multiple packets in a very short time frame, leading to a crash of the dcpd process.

Recommendations: For SCALANCE LPE9403 (6GK5998-3GS00-2AC2), as a temporary workaround, consider implementing rate limiting on incoming Profinet packets to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.