CVE-2026-33892
Industrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent authentication and to access connected Industrial Edge Devices through the remote connection feature. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Industrial Edge Management are affected: Industrial Edge Management Pro V1 vers:intdot/>=1.7.6|Industrial Edge Management Pro V2 vers:intdot/>=2.0.0|Industrial Edge Management Virtual vers:intdot/>=2.2.0| CVSS Vendor Equipment Vulnerabilities v3 7.1 Siemens Siemens Industrial Edge Management Authentication Bypass by Primary Weakness Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany
EPSS 0.09% · 24.7th percentile
Risk Scores
Exploit Intelligence
- CIRCL seen: CVE-2026-33892 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-609469.html (circl)
Timeline
- Apr 14, 2026 CVE Published
- Apr 14, 2026 PoC Published
- Apr 14, 2026 Security Advisory
- Apr 14, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-11 advisory
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-11.json advisory
- https://www.cve.org/CVERecord?id=CVE-2026-33892 technical
- https://iehub.eu1.edge.siemens.cloud/ technical
- https://cwe.mitre.org/data/definitions/305.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L technical