VDB

ICSA-25-105-02

ICSA-25-105-02 PUBLISHED CVSS 9.800000190734863 CRITICAL

Users of Industrial Edge Devices are advised to consult the respective Security Advisories for their devices (for Siemens Industrial Edge devices see Additional Information). Industrial Edge Device Kit contains a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Industrial Edge Device Builders integrate Industrial Edge Device Kit into their offerings within the open Industrial Edge ecosystem. See further details about affected Industrial Edge Devices in the Additional Information section. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Industrial Edge Device Kit - arm64 V1.20
Industrial Edge Device Kit - x86-64 V1.18
Industrial Edge Device Kit - arm64 V1.21
Industrial Edge Device Kit - arm64 V1.19
Industrial Edge Device Kit - arm64 V1.18
Industrial Edge Device Kit - x86-64 V1.17
Industrial Edge Device Kit - x86-64 V1.19
Industrial Edge Device Kit - arm64 V1.17
Industrial Edge Device Kit - x86-64 V1.20
Industrial Edge Device Kit - x86-64 V1.21

Timeline

  • Apr 8, 2025 CVE Published
  • May 13, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›