5 matches found
Siemens SCALANCE LPE9403 Improper Neutralization of Special Elements Used in an OS Command (CVE-2025-27398)
Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of binaries that are already present on the filesystem. This plugin only works with Tenable.ot...
Siemens SCALANCE M-800 and SC-600 Families Partial String Comparison (CVE-2025-23384)
A remote attacker needs to have access to a valid certificate in order to perform a successful attack. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...
CVE-2025-27398
creationtimestamp| type| source ---|---|--- 2025-03-11 13:26:38+00:00| seen| https://t.me/cvedetector/20064 2025-03-13 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-06...
CVE-2025-27398
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of...
CVE-2025-27398
CVE-2025-27398 affects Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2) prior to version 4.0. The issue is an OS command injection where user-controlled log paths are not properly neutralized, enabling an authenticated, highly-privileged attacker to run a limited set of binaries already present on t...