VDB
ICSA-25-100-04
ICSA-25-100-04
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Siemens Industrial Edge Devices contain a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SIMATIC IPC227E Industrial Edge Device | ||
| SCALANCE LPE9413 (6GK5998-3GS01-2AC2) | ||
| Industrial Edge Own Device (IEOD) | ||
| SIMATIC IPC127E Industrial Edge Device | ||
| SIMATIC IPC427E Industrial Edge Device | ||
| SIMATIC IPC847E Industrial Edge Device | ||
| SIMATIC IPC BX-39A Industrial Edge Device | ||
| Industrial Edge Virtual Device | ||
| SIMATIC IPC BX-59A Industrial Edge Device |
Timeline
- Apr 8, 2025 CVE Published
- May 6, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-634640.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-634640.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-100-04.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-04 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://docs.industrial-operations-x.siemens.cloud/r/en-us/v3.0/simatic-ipc-ied-os/release-notes fix