VDB

ICSA-26-015-09

ICSA-26-015-09 PUBLISHED CVSS 10 CRITICAL

Users of Industrial Edge Devices are advised to consult the respective Security Advisories for their devices (for Siemens Industrial Edge devices see Additional Information). Industrial Edge Device Kit contains an authorization bypass vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS v3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
Industrial Edge Device Kit - arm64 V1.11
Industrial Edge Device Kit - arm64 V1.21
Industrial Edge Device Kit - arm64 V1.18
Industrial Edge Device Kit - arm64 V1.16
Industrial Edge Device Kit - arm64 V1.20
Industrial Edge Device Kit - arm64 V1.19
Industrial Edge Device Kit - arm64 V1.14
Industrial Edge Device Kit - arm64 V1.5
Industrial Edge Device Kit - arm64 V1.6
Industrial Edge Device Kit - arm64 V1.25
Industrial Edge Device Kit - arm64 V1.12
Industrial Edge Device Kit - arm64 V1.8
Industrial Edge Device Kit - arm64 V1.15
Industrial Edge Device Kit - arm64 V1.24
Industrial Edge Device Kit - arm64 V1.23
Industrial Edge Device Kit - arm64 V1.7
Industrial Edge Device Kit - arm64 V1.13
Industrial Edge Device Kit - arm64 V1.22
Industrial Edge Device Kit - arm64 V1.17
Industrial Edge Device Kit - arm64 V1.10

Timeline

  • Jan 13, 2026 CVE Published
  • Jan 14, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›