CVE-2025-40576

4.3 MEDIUM

📋 TL;DR

A vulnerability in Siemens SCALANCE LPE9403 industrial switches allows unauthenticated remote attackers to crash the dcpd process by sending specially crafted Profinet packets. This affects all versions before V4.0 HF0 and could lead to denial of service in industrial networks.

💻 Affected Systems

Products:
  • Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2)
Versions: All versions < V4.0 HF0
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using Profinet protocol; vulnerability is in packet validation logic.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Persistent denial of service affecting industrial control system availability, potentially disrupting manufacturing or critical processes.

🟠 Likely Case: Temporary service interruption requiring a device reboot, causing minor operational disruption.

🟢 If Mitigated: Limited impact with proper network segmentation and monitoring to detect and block malicious packets.

🌐 Internet-Facing: MEDIUM - Devices exposed to the internet are vulnerable to DoS attacks, but industrial equipment typically should not be internet-facing.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to disrupt operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted Profinet packets to vulnerable devices.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V4.0 HF0

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-327438.html

Restart Required: Yes

Instructions:

1. Download firmware V4.0 HF0 from the Siemens support portal.
2. Back up the current configuration.
3. Upload and install the new firmware via the web interface or CLI.
4. Reboot the device.
5. Verify the firmware version.

🔧 Temporary Workarounds

Network segmentation (applies to: all)

Isolate SCALANCE devices in separate VLANs with strict firewall rules limiting Profinet traffic to trusted sources only.

Access control lists (applies to: all)

Implement ACLs on upstream devices to restrict access to SCALANCE management interfaces and Profinet ports.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable devices from untrusted networks.
  • Deploy intrusion detection systems to monitor for anomalous Profinet traffic patterns.

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface (System > Device Information) or CLI command 'show version'.

Check Version:

show version

Verify Fix Applied:

Confirm firmware version is V4.0 HF0 or later using same methods.
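The version check above is manual. The script below is an added example (not Siemens tooling and not part of this advisory) that applies the same rule, "affected if < V4.0 HF0", to an inventory export. It assumes firmware strings in the "V<major>.<minor> HF<n>" form shown on this page, treats a missing HF suffix as HF0 (an assumption), and uses a constructed inventory with hypothetical host names; the article number is the one listed under Affected Systems.

```python
import re

# Fixed release named in the advisory.
FIXED_VERSION = "V4.0 HF0"
# Article number of the affected product, as listed on the page.
AFFECTED_ARTICLE = "6GK5998-3GS00-2AC2"

# Accepts "V3.2", "V4.0 HF0", "V4.0 HF2", case-insensitively.
# ASSUMPTION: a version without an HF suffix is treated as hotfix 0.
VERSION_RE = re.compile(r"^V(\d+)\.(\d+)(?:\s*HF(\d+))?$", re.IGNORECASE)


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn a firmware string into a (major, minor, hotfix) tuple for ordering."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {text!r}")
    major, minor, hotfix = m.groups()
    return (int(major), int(minor), int(hotfix or 0))


def is_vulnerable(version: str) -> bool:
    """True when the running firmware is older than V4.0 HF0."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def vulnerable_hosts(inventory: list[dict]) -> list[str]:
    """Return hosts whose article number matches and whose firmware predates the fix.

    Entries whose version string cannot be parsed are reported separately
    rather than silently skipped, so they get a manual look.
    """
    flagged, unknown = [], []
    for device in inventory:
        if device["article"] != AFFECTED_ARTICLE:
            continue
        try:
            if is_vulnerable(device["firmware"]):
                flagged.append(device["host"])
        except ValueError:
            unknown.append(device["host"])
    return flagged + [f"{h} (unparsed version, check manually)" for h in unknown]


# Constructed inventory; host names and versions are hypothetical sample data.
INVENTORY = [
    {"host": "lpe-cell01", "article": "6GK5998-3GS00-2AC2", "firmware": "V3.2"},
    {"host": "lpe-cell02", "article": "6GK5998-3GS00-2AC2", "firmware": "V4.0 HF0"},
    {"host": "lpe-cell03", "article": "6GK5998-3GS00-2AC2", "firmware": "V4.0 HF1"},
    {"host": "lpe-cell04", "article": "6GK5998-3GS00-2AC2", "firmware": "v2.1 hf3"},
    {"host": "lpe-cell05", "article": "6GK5998-3GS00-2AC2", "firmware": "n/a"},
]

if __name__ == "__main__":
    for host in vulnerable_hosts(INVENTORY):
        print(f"{host}: update to {FIXED_VERSION}")
```

Feed it the output of your asset inventory (the web interface's System > Device Information page or `show version` per device) and it lists every LPE9403 that still needs the V4.0 HF0 update.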

📡 Detection & Monitoring

Log Indicators:

  • dcpd process crashes
  • unexpected device reboots
  • Profinet protocol errors

Network Indicators:

  • Malformed Profinet packets to port 34964
  • Unusual traffic patterns to industrial devices

SIEM Query:

source="industrial_switch" AND (event="process_crash" OR event="unexpected_reboot")
