CVE-2025-40578 – “SCALANCE LPE9403 Profinet Packet Flood Crash Vulnerability”

CVE ID : CVE-2025-40578

Published : May 13, 2025, 10:15 a.m. | 27 minutes ago

Description : A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly handle multiple incoming Profinet packets received in rapid succession.
An unauthenticated remote attacker can exploit this flaw by sending multiple packets in a very short time frame, which leads to a crash of the dcpd process.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…