CVE-2025-27396
Published: 11 March 2025
Summary
CVE-2025-27396 is a high-severity Improper Check for Dropped Privileges (CWE-273) vulnerability in Siemens Scalance Lpe9403 Firmware. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 22.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-27396 affects Siemens SCALANCE LPE9403 devices (part number 6GK5998-3GS00-2AC2) running all firmware versions prior to V4.0. The flaw stems from insufficient privilege checks that allow certain valid operations to be performed without the expected authorization level, corresponding to CWE-273.
An authenticated remote attacker with low privileges can exploit the weakness over the network to escalate rights and obtain full administrative control of the affected device. The CVSS 4.0 score of 8.7 reflects the combination of network reachability, low attack complexity, and high impact on confidentiality, integrity, and availability.
The Siemens advisory SSA-075201 recommends upgrading to firmware version V4.0 or later to correct the privilege enforcement issue and lists no viable workarounds for earlier releases.
EPSS values rose from a low baseline to a recorded peak of 0.0203, indicating emerging exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7766
Vulnerability details
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowly-privileged remote attacker to escalate their…
more
privileges.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remote authenticated privilege escalation flaw (CWE-273) allowing low-priv users to gain higher privileges on the device, directly enabling T1068 Exploitation for Privilege Escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces the principle of least privilege to ensure users and processes operate with minimal privileges necessary, directly mitigating the CVE's failure to properly limit privilege elevation for valid functionality.
Requires mechanisms to enforce approved authorizations for logical access and privilege elevation, addressing the improper limitation that allows low-privileged attackers to escalate privileges.
Mandates timely flaw remediation including firmware updates to V4.0 or later, directly patching the privilege escalation vulnerability in SCALANCE LPE9403 devices.