We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-40569



Description

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.2), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.2), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.2), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.2), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.2), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). The "Load Configuration from Local PC" functionality in the web interface of affected products contains a race condition vulnerability. This could allow an authenticated remote attacker to make the affected product load an attacker controlled configuration instead of the legitimate one. Successful exploitation requires that a legitimate administrator invokes the functionality and the attacker wins the race condition.

Reserved 2025-04-16 | Published 2025-06-10 | Updated 2025-06-10 | Assigner siemens


MEDIUM: 4.8CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
MEDIUM: 5.9CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Product status

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

Default status
unknown

Any version before V3.2
affected

References

cert-portal.siemens.com/productcert/html/ssa-693776.html

cve.org (CVE-2025-40569)

nvd.nist.gov (CVE-2025-40569)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-40569

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.