ICSA-22-286-02  ·  Published 2022-10-13

Siemens Industrial Edge Management

CVSS 7.4 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to inject malicious maintenance requests by exploiting improper certificate validation. An attacker could exploit this vulnerability by sending statistics, activating remote support, exchanging the initial keys when onboarding, querying new extensions, or accessing sensitive data.

CVEs (1)

Remediations

  • Siemens recommends that users update to v1.5.1 or later (login required).
  • As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following the recommendations in the product manuals.
  • For more information, see Siemens Security Advisory SSA-459643 in HTML or CSAF.

Affected Vendors

Siemens

Affected Products (1)

Siemens · Industrial Edge Management: All versions prior to V1.5.1

Affected Sectors

Critical Manufacturing
