A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log' .
2025-03-11T10:15:19.083
2025-08-22T17:58:09.643
Analyzed
CVSSv3.1: 3.8 (LOW)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | siemens | scalance_lpe9403_firmware | < 4.0 | Yes |
| Hardware | siemens | scalance_lpe9403 | - | No |