VDB

CVE-2024-45032

CVE-2024-45032 PUBLISHED CVSS 10 CRITICAL

A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system.

EPSS 1.77% · 83.0th percentile

Risk Scores

CVSS v3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score
1.77%
83.0th percentile

Affected Products

VendorProductVersions
siemensindustrial_edge_management_virtual0, 0, 0
SiemensIndustrial Edge Management Pro0, 0, 0
siemensindustrial_edge_management_pro0, 0, 0
SiemensIndustrial Edge Management Virtual0, 0, 0

Timeline

  • Sep 10, 2024 CVE Published
  • Sep 10, 2024 PoC Published
  • Sep 11, 2024 EPSS Score
  • Oct 1, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 21, 2024 EPSS Score
  • Nov 29, 2024 EPSS Score
  • Dec 20, 2024 EPSS Score
  • Dec 28, 2024 Coalition ESS Score
  • Jan 9, 2025 EPSS Score
  • Jan 29, 2025 EPSS Score
  • Feb 17, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›