Skip to main content

Scalance Lpe9403 Firmware CVE-2023-27408

LOW
Creation of Temporary File With Insecure Permissions (CWE-378)
2023-05-09 productcert@siemens.com
3.3
CVSS 3.1 · Vendor: siemens

Severity by source

Vendor (siemens) PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from Vendor (siemens) · only source for this CVE.

CVSS VectorVendor: siemens

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 09, 2023 - 13:15 cve.org
LOW 3.3

DescriptionCVE.org

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The i2c mutex file is created with the permissions bits of -rw-rw-rw-. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects.

AnalysisAI

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-378. A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The i2c mutex file is created with the permissions bits of -rw-rw-rw-. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects. Affected products include: Siemens Scalance Lpe9403 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-27407 CRITICAL
9.9 May 09

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated critical severity (CVSS 9.9), this

CVE-2021-36221 MEDIUM
5.9 Aug 08

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic

CVE-2021-3449 MEDIUM
5.9 Mar 25

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated med

CVE-2025-40580 MEDIUM
5.4 May 13

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium sev

CVE-2025-40579 MEDIUM
5.4 May 13

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium sev

CVE-2025-40575 MEDIUM
5.3 May 13

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium sev

CVE-2025-40578 MEDIUM
5.3 May 13

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Rated medium severity (CVSS

CVE-2025-40577 MEDIUM
5.3 May 13

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium sev

CVE-2025-40576 MEDIUM
5.3 May 13

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium sev

CVE-2023-27409 LOW
3.3 May 09

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated low severity (CVSS 3.3), this vulne

CVE-2023-27410 LOW
2.7 May 09

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated low severity (CVSS 2.7), this vulne

CVE-2025-40583 MEDIUM
6.7 May 13

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Ed

Share

CVE-2023-27408 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy