CVE-2025-40567
Published: Jun 10, 2025
Modified: Jan 13, 2026
CVSS v3.1: 6.5
Description
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). The "Load Rollback" functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to make the affected product roll back configuration changes made by privileged users.
| Vendor | Product | Versions |
|---|---|---|
| Siemens | RUGGEDCOM RST2428P | affected 0 - < V3.2 |
| Siemens | SCALANCE XCH328 | affected 0 - < V3.2 |
| Siemens | SCALANCE XCM324 | affected 0 - < V3.2 |
| Siemens | SCALANCE XCM328 | affected 0 - < V3.2 |
| Siemens | SCALANCE XCM332 | affected 0 - < V3.2 |
| Siemens | SCALANCE XRH334 (24 V DC, 8xFO, CC) | affected 0 - < V3.2 |
| Siemens | SCALANCE XRM334 (230 V AC, 12xFO) | affected 0 - < V3.2 |
| Siemens | SCALANCE XRM334 (230 V AC, 8xFO) | affected 0 - < V3.2 |
| Siemens | SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) | affected 0 - < V3.2 |
| Siemens | SCALANCE XRM334 (24 V DC, 12xFO) | affected 0 - < V3.2 |
| Siemens | SCALANCE XRM334 (24 V DC, 8xFO) | affected 0 - < V3.2 |
| Siemens | SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) | affected 0 - < V3.2 |
| Siemens | SCALANCE XRM334 (2x230 V AC, 12xFO) | affected 0 - < V3.2 |
| Siemens | SCALANCE XRM334 (2x230 V AC, 8xFO) | affected 0 - < V3.2 |
| Siemens | SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) | affected 0 - < V3.2 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None