VDB

ICSA-25-100-04

ICSA-25-100-04 PUBLISHED CVSS 9.800000190734863 CRITICAL

Siemens Industrial Edge Devices contain a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
SIMATIC IPC227E Industrial Edge Device
SCALANCE LPE9413 (6GK5998-3GS01-2AC2)
Industrial Edge Own Device (IEOD)
SIMATIC IPC127E Industrial Edge Device
SIMATIC IPC427E Industrial Edge Device
SIMATIC IPC847E Industrial Edge Device
SIMATIC IPC BX-39A Industrial Edge Device
Industrial Edge Virtual Device
SIMATIC IPC BX-59A Industrial Edge Device

Timeline

  • Apr 8, 2025 CVE Published
  • May 6, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›