CVE-2025-27392
Published: 11 March 2025
Description
Affected devices do not properly sanitize user input when creating new VXLAN configurations. This could allow an authenticated, highly privileged remote attacker to execute arbitrary code on the device.
Security Summary
CVE-2025-27392 affects Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2) in all versions prior to V4.0. The vulnerability arises from improper sanitization of user input when creating new VXLAN configurations, classified under CWE-78 (OS Command Injection). It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-03-11.
An authenticated remote attacker with high privileges can exploit this vulnerability over the network with low attack complexity and no user interaction. Because the input reaches an OS command, exploitation yields arbitrary command execution on the device, with high impact to confidentiality, integrity, and availability. The PR:H component means the attacker must already hold an administrative account on the management interface, so exposure of that interface and the strength of its credentials determine the practical risk; the fix is to update to V4.0 or later.
Siemens Security Advisory SSA-075201, available at https://cert-portal.siemens.com/productcert/html/ssa-075201.html, provides details on the vulnerability and recommended mitigations.
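The weakness class behind this CVE, shown as an added example rather than code from Siemens or from the affected firmware: a hypothetical handler that creates a VXLAN interface from user-supplied fields (the field names ifname, vni and remote, and the use of the Linux `ip link add ... type vxlan` command, are assumptions made for illustration). The vulnerable path pastes the fields into one shell string; the hardened path allowlist-validates each field and passes an argv list so no shell is involved. The demo substitutes `echo` for `ip` so it runs unprivileged and offline.

```python
"""CWE-78 in a VXLAN-configuration handler: vulnerable versus hardened.

Hypothetical code written for this page, not Siemens firmware. Parameter
names and the command shape are assumptions for illustration only.
"""
import ipaddress
import re
import subprocess

# Linux IFNAMSIZ is 16 bytes including the NUL terminator: 15 visible chars.
IFNAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]{0,14}$")
VNI_MAX = 0xFFFFFF  # VXLAN Network Identifier is 24 bits (RFC 7348)


def build_vulnerable(ifname, vni, remote, binary="ip"):
    """CWE-78 pattern: request fields are pasted into a single shell string."""
    return f"{binary} link add {ifname} type vxlan id {vni} remote {remote} dstport 4789"


def run_vulnerable(ifname, vni, remote, binary="ip"):
    """shell=True hands the string to /bin/sh, so metacharacters in any field
    (';', '|', '$(...)', backticks) are interpreted as shell syntax."""
    cmd = build_vulnerable(ifname, vni, remote, binary)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True)


def validate(ifname, vni, remote):
    """Allowlist validation: reject anything that is not a plausible value."""
    if not IFNAME_RE.fullmatch(ifname):
        raise ValueError(f"invalid interface name: {ifname!r}")
    vni = int(vni)
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI out of range: {vni}")
    remote = str(ipaddress.ip_address(remote))  # raises ValueError on junk
    return ifname, vni, remote


def build_hardened(ifname, vni, remote, binary="ip"):
    """Validate first, then build an argv list: with no shell in the path,
    a metacharacter can only ever be a literal argument."""
    ifname, vni, remote = validate(ifname, vni, remote)
    return [binary, "link", "add", ifname, "type", "vxlan",
            "id", str(vni), "remote", remote, "dstport", "4789"]


def run_hardened(ifname, vni, remote, binary="ip"):
    argv = build_hardened(ifname, vni, remote, binary)
    return subprocess.run(argv, capture_output=True, text=True)


# Constructed payload: ends the intended command, runs a second one, and
# comments out the tail so the shell does not trip over the leftover tokens.
PAYLOAD_IFNAME = "vx0; echo INJECTED #"


def demo():
    """Drive both handlers with `echo` standing in for `ip`; returns what
    each path produced so the difference can be checked, not just printed."""
    vuln = run_vulnerable(PAYLOAD_IFNAME, 100, "10.0.0.2", binary="echo")
    try:
        build_hardened(PAYLOAD_IFNAME, 100, "10.0.0.2")
        hardened_outcome = "accepted"
    except ValueError as exc:
        hardened_outcome = f"rejected: {exc}"
    good = run_hardened("vx0", 100, "10.0.0.2", binary="echo")
    return {
        "vulnerable_stdout": vuln.stdout,   # second line proves the injection ran
        "hardened_outcome": hardened_outcome,
        "hardened_stdout": good.stdout,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Two layers matter here and both are kept: argv execution removes the shell as an interpreter, and the allowlist rejects values that would still be wrong arguments to `ip` (an interface name with spaces, a VNI above 24 bits, a non-address remote). Either one alone closes the command-injection hole; only together do they also stop the malformed request from reaching the privileged binary at all.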
Details
- CWE(s): CWE-78 (Improper Neutralization of Special Elements used in an OS Command, 'OS Command Injection')
- Affected Products: Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2), all versions prior to V4.0
- MITRE ATT&CK Enterprise Techniques: T1190 (Exploit Public-Facing Application), T1059.004 (Command and Scripting Interpreter: Unix Shell)
Why these techniques?
OS command injection (CWE-78) in the authenticated management interface gives an attacker command execution on the network device. Reaching the flaw through the network-exposed management application maps to T1190 (Exploit Public-Facing Application); the injected input is interpreted by the device's Unix shell, which is T1059.004 (Command and Scripting Interpreter: Unix Shell). Note that T1190 applies here only once the attacker already holds high-privilege credentials, as the CVSS PR:H component indicates.