Vulnerability Details CVE-2025-27397
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read.
This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log' .
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.7%
CVSS Severity
CVSS v3 Score 3.8
Products affected by CVE-2025-27397
-
cpe:2.3:h:siemens:scalance_lpe9403:-
-
cpe:2.3:o:siemens:scalance_lpe9403_firmware:-
-
cpe:2.3:o:siemens:scalance_lpe9403_firmware:2.0