CTI Swarm
Zurück zu allen Deep Dives
ALL CISA ADVISORIES

Siemens Industrial Edge Management

Strategische Zusammenfassung

This CVE affects Siemens Industrial Edge Management, a platform used to manage edge devices in industrial environments, which could allow an attacker to compromise industrial operations.

Volltext

Title: Siemens Industrial Edge Management | CISA

URL Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-11

Markdown Content: # Siemens Industrial Edge Management | CISA

An official website of the United States government

Here’s how you know

Here’s how you know

**Official websites use .gov**

A **.gov** website belongs to an official government organization in the United States.

**Secure .gov websites use HTTPS**

A **lock** () or **https://** means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

**Due to the lapse in federal funding, this website will not be actively managed.**[**Read More**](https://go.dhs.gov/lapse-2026)

[no-cost Cyber Services](https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools "Free Cyber Services")[Secure by design](https://www.cisa.gov/securebydesign)[Secure Your Business](https://www.cisa.gov/secureyourbusiness)[Shields Up](https://www.cisa.gov/node/8056)[Report A Cyber Issue](https://www.cisa.gov/report)

Search

[×](javascript:void(0) "Clear search box")

Menu

Close

[×](javascript:void(0) "Clear search box")

* Topics[Topics](https://www.cisa.gov/topics) [Cybersecurity Best Practices](https://www.cisa.gov/topics/cybersecurity-best-practices) [Cyber Threats and Response](https://www.cisa.gov/topics/cyber-threats-and-response) [Critical Infrastructure Security and Resilience](https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience) [Election Security](https://www.cisa.gov/topics/election-security) [Emergency Communications](https://www.cisa.gov/topics/emergency-communications) [Industrial Control Systems](https://www.cisa.gov/topics/industrial-control-systems) [Information and Communications Technology Supply Chain Security](https://www.cisa.gov/topics/information-communications-technology-supply-chain-security) [Partnerships and Collaboration](https://www.cisa.gov/topics/partnerships-and-collaboration) [Physical Security](https://www.cisa.gov/topics/physical-security) [Risk Management](https://www.cisa.gov/topics/risk-management) [How can we help?](https://www.cisa.gov/audiences) [Government](https://www.cisa.gov/topics/government)[Educational Institutions](https://www.cisa.gov/topics/educational-institutions)[Industry](https://www.cisa.gov/topics/industry)[State, Local, Tribal, and […]

[… 8,951 Zeichen — nächste Zone: keyword-dense paragraphs …]

**Industrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent authentication and to access connected Industrial Edge Devices through the remote connection feature. Siemens has released new versions for the affected products and recommends to update to the latest versions.**

| CVSS Version | Base Score | Base Severity | Vector String | | --- | --- | --- | --- | | **CVSS Version**3.1 | **Base Score**7.1 | **Base Severity**HIGH | **Vector String**[CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L "(opens in a new window)") |

| CVSS | Vendor | Equipment | Vulnerabilities | | --- | --- | --- | --- | | **CVSS**v3 7.1 | **Vendor**Siemens | **Equipment**Siemens Industrial Edge Management | **Vulnerabilities**Authentication Bypass by Primary Weakness |

Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device. Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, […]

This ICSA is a verbati […]

[… 8,541 Zeichen — nächste Zone: tail …]

ICS Advisory | ICSA-26-111-12

### [SenseLive X3050](https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12)

[Return to top](https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-11#top)

* [Topics](https://www.cisa.gov/topics) * [Spotlight](https://www.cisa.gov/spotlight) * [Resources & Tools](https://www.cisa.gov/resources-tools) * [News & Events](https://www.cisa.gov/news-events) * [Careers](https://www.cisa.gov/careers) * [About](https://www.cisa.gov/about)

[Cybersecurity & Infrastructure Security Agency](https://www.cisa.gov/ "Go to the Cybersecurity & Infrastructure Security Agency homepage")

* [Facebook](https://www.facebook.com/CISA) * [X](https://x.com/CISAgov) * [LinkedIn](https://www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency) * [YouTube](https://www.youtube.com/@cisagov) * [Instagram](https://www.instagram.com/cisagov) * [RSS](https://www.cisa.gov/subscribe-updates-cisa)

CISA Central[1-844-Say-CISA](tel:1-844-Say-CISA)[contact@cisa.dhs.gov](mailto:contact@cisa.dhs.gov)

DHS Seal

CISA.gov

An official website of the U.S. Department of Homeland Security

* [About CISA](https://www.cisa.gov/about "About CISA") * [Budget and Performance](https://www.dhs.gov/performance-financial-reports "Budget and Performance") * [DHS.gov](https://www.dhs.gov/ "Department of Homeland Security") * [FOIA Requests](https://www.dhs.gov/foia "FOIA Requests") * [No FEAR Act](https://www.cisa.gov/no-fear-act "No FEAR Act Reporting") * [Office of Inspector General](https://www.oig.dhs.gov/ "Office of Inspector General") * [Privacy Policy](https://www.cisa.gov/privacy-policy "Privacy Policy") * [Subscribe](https://public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138 "Subscribe to Email Updates") * [The White House](https://www.whitehouse.gov/ "The White House") * [USA.gov](https://www.usa.gov/ "USA.gov") * [Website Feedback](https://www.cisa.gov/forms/feedback "Website Feedback")