PT-2025-20876 · Siemens · Scalance Lpe9403+1
Published
2025-05-13
·
Updated
2025-06-04
·
CVE-2025-40581
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
SCALANCE LPE9403 versions with SINEMA Remote Connect Edge Client installed
Description:
A vulnerability has been identified that allows a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters. This could enable local attackers to bypass authentication and access configuration parameters.
Recommendations:
For SCALANCE LPE9403 with SINEMA Remote Connect Edge Client installed, consider disabling the SINEMA Remote Connect Edge Client until a patch is available to prevent authentication bypass and unauthorized access to configuration parameters. Restrict access to the device to minimize the risk of exploitation.
Fix
LPE
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Scalance Lpe9403
Sinema Remote Connect Client