BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·44d ago

Siemens Industrial Edge Management

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-11.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Industrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent authentication and to access connected Industrial Edge Devices through the remote connection feature. Siemens has released new versions for the affected products and recommends to update to the latest versions. /strong /p p The following versions of Siemens Industrial Edge Management are affected: /p ul li Industrial Edge Management Pro V1 vers:intdot/ gt;=1.7.6| lt;1.15.17 (CVE-2026-33892) /li li Industrial Edge Management Pro V2 vers:intdot/ gt;=2.0.0| lt;2.1.1 (CVE-2026-33892) /li li Industrial Edge Management Virtual vers:intdot/ gt;=2.2.0| lt;2.8.0 (CVE-2026-33892) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 7.1 /td td Siemens /td td Siemens Industrial Edge Management /td td Authentication Bypass by Primary Weakness /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-33892 /a /h3 div class="csaf-accordion-content" p Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device. Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-33892" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens Industrial Edge Management /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br Industrial Edge Management Pro V1, Industrial Edge Management Pro V2, Industrial Edge Management Virtual /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Ensure network ac

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-11

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin