VDB
ICSA-24-256-11
ICSA-24-256-11
PUBLISHED
CVSS 10 CRITICAL
Industrial Edge Management contains an Authorization Bypass vulnerability that could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Risk Scores
CVSS 3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Industrial Edge Management Pro | ||
| Industrial Edge Management Virtual |
Timeline
- Sep 10, 2024 CVE Published
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-359713.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-359713.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-256-11.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-11 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url