Platform
siemens
Component
siemens-industrial-edge-management-pro
Fixed in
1.15.17
2.1.1
2.7.10
CVE-2026-33892 describes a vulnerability in Siemens Industrial Edge Management Pro, specifically concerning the enforcement of user authentication on remote connections to devices. Successful exploitation could allow an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user, potentially leading to unauthorized access and control. This issue affects versions 1.7.6 through 2.8.0 of Industrial Edge Management Pro, as well as related virtual versions. A patch is available, resolving the issue in version V2.8.0.
A critical vulnerability has been identified in Industrial Edge Management Pro V1, V2, and Virtual, affecting specific versions (V1 >= 1.7.6 < 1.15.17, V2 >= 2.0.0 < 2.1.1, Virtual >= 2.2.0 < 2.8.0). This security flaw lies in the inadequate enforcement of user authentication on remote connections to devices. An unauthenticated remote attacker could exploit this weakness to bypass authentication mechanisms and impersonate a legitimate user. This could result in unauthorized access to industrial systems, data manipulation, disruption of operations, and potentially, physical damage to controlled equipment. The severity of this vulnerability is rated as CVSS 7.1, indicating a significant risk.
An attacker with network access to the devices where the management systems reside could exploit this vulnerability. No prior authentication is required to execute the attack, which simplifies its execution. The attacker could use network scanning tools to identify vulnerable devices and then leverage the lack of authentication to access the system and execute commands as if they were an authorized user. The potential impact is high, as an attacker could gain complete control over the affected industrial devices.
Exploit Status
EPSS
0.07% (22% percentile)
CISA SSVC
CVSS Vector
The solution to mitigate this vulnerability is to upgrade to Industrial Edge Management Pro V2.8.0 or later. This update includes the necessary fixes to ensure proper user authentication enforcement on remote connections. In the interim, as a temporary measure, it is recommended to restrict network access to management devices, implement robust firewalls, and actively monitor system logs for suspicious activity. It is crucial to apply this update as soon as possible to protect industrial systems from potential attacks. Refer to the manufacturer's official documentation for detailed instructions on the upgrade process.
Aplique las últimas actualizaciones de seguridad proporcionadas por Siemens, específicamente las versiones 1.15.17, 2.1.1 y 2.8.0 o superiores. Revise la nota de seguridad SSA-609469 en el sitio web de Siemens para obtener instrucciones detalladas y pasos adicionales para mitigar el riesgo. Desactive la función de conexión remota a dispositivos si no es necesaria.
Vulnerability analysis and critical alerts directly to your inbox.
The affected versions are V1 >= 1.7.6 < 1.15.17, V2 >= 2.0.0 < 2.1.1, and Virtual >= 2.2.0 < 2.8.0.
Upgrading to V2.8.0 or later is the recommended solution.
Restricting network access, implementing firewalls, and monitoring system logs are temporary measures.
CVSS 7.1 indicates a significant risk, meaning the vulnerability is exploitable and could have a major impact.
Refer to the manufacturer's official documentation for detailed instructions on the upgrade process.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.