SSA-649853 V1.0: Improper Certificate Validation Vulnerability in Industrial Edge Management

Risk Summary

<p>Industrial Edge Management contains a vulnerability that could allow an unauthenticated attacker to spoof a trusted entity by interfering in the communication path between the Industrial Edge Management (IEM) and the Industrial Edge Hub (IEH) using a crafted certificate.</p> <p>An attacker could use this to inject malicious maintenance requests (e.g. sending statistics, activating remote support, exchanging the initial keys when onboarding, querying new extensions).</p> <p>Siemens has released an update for the Industrial Edge Management and recommends to update to the latest version.</p>

Remediations

• Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Affected Products (1)