CVE-2025-40569: A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All...
Description
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.2), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.2), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.2), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.2), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.2), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All version...
Classification
CVE ID: CVE-2025-40569
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.8
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
Problem Types
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')Affected Products
Vendor: Siemens
Product: RUGGEDCOM RST2428P, SCALANCE XC316-8, SCALANCE XC324-4, SCALANCE XC324-4 EEC, SCALANCE XC332, SCALANCE XC416-8, SCALANCE XC424-4, SCALANCE XC432, SCALANCE XCH328, SCALANCE XCM324, SCALANCE XCM328, SCALANCE XCM332, SCALANCE XR302-32, SCALANCE XR322-12, SCALANCE XR326-8, SCALANCE XR326-8 EEC, SCALANCE XR502-32, SCALANCE XR522-12, SCALANCE XR526-8, SCALANCE XRH334 (24 V DC, 8xFO, CC), SCALANCE XRM334 (230 V AC, 12xFO), SCALANCE XRM334 (230 V AC, 8xFO), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+), SCALANCE XRM334 (24 V DC, 12xFO), SCALANCE XRM334 (24 V DC, 8xFO), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+), SCALANCE XRM334 (2x230 V AC, 12xFO), SCALANCE XRM334 (2x230 V AC, 8xFO), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 7.86% (scored less or equal to compared to others)
EPSS Date: 2025-06-17 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2025-40569https://cert-portal.siemens.com/productcert/html/ssa-693776.html