Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-54092

CVSS 9.8 · Critical EPSS 0.48% · P65
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-54092

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions < V2.1), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1390
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens Industrial Edge Devices 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens Industrial Edge Devices是德国西门子(Siemens)公司的一系列工业边缘设备,用于现场数据处理与智能控制。 Siemens Industrial Edge Devices存在安全漏洞,该漏洞源于使用身份联合时未正确实施用户身份验证,可能导致攻击者绕过身份验证并冒充合法用户。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
SiemensIndustrial Edge Device Kit - arm64 V1.17 0 ~ * -
SiemensIndustrial Edge Device Kit - arm64 V1.18 0 ~ * -
SiemensIndustrial Edge Device Kit - arm64 V1.19 0 ~ * -
SiemensIndustrial Edge Device Kit - arm64 V1.20 0 ~ V1.20.2-1 -
SiemensIndustrial Edge Device Kit - arm64 V1.21 0 ~ V1.21.1-1 -
SiemensIndustrial Edge Device Kit - x86-64 V1.17 0 ~ * -
SiemensIndustrial Edge Device Kit - x86-64 V1.18 0 ~ * -
SiemensIndustrial Edge Device Kit - x86-64 V1.19 0 ~ * -
SiemensIndustrial Edge Device Kit - x86-64 V1.20 0 ~ V1.20.2-1 -
SiemensIndustrial Edge Device Kit - x86-64 V1.21 0 ~ V1.21.1-1 -
SiemensIndustrial Edge Own Device (IEOD) 0 ~ V1.21.1-1-a -
SiemensIndustrial Edge Virtual Device 0 ~ V1.21.1-1-a -
SiemensSCALANCE LPE9413 0 ~ V2.1 -
SiemensSIMATIC IPC BX-39A Industrial Edge Device 0 ~ V3.0 -
SiemensSIMATIC IPC BX-59A Industrial Edge Device 0 ~ V3.0 -
SiemensSIMATIC IPC127E Industrial Edge Device 0 ~ V3.0 -
SiemensSIMATIC IPC227E Industrial Edge Device 0 ~ V3.0 -
SiemensSIMATIC IPC427E Industrial Edge Device 0 ~ V3.0 -
SiemensSIMATIC IPC847E Industrial Edge Device 0 ~ V3.0 -

II. Public POCs for CVE-2024-54092

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-54092

登录查看更多情报信息。

Same Patch Batch · Siemens · 2025-04-08 · 13 CVEs total

CVE-2024-4179410.0 CRITICALSiemens SENTRON 7KT PAC1260 Data Manager 信任管理问题漏洞
CVE-2024-417909.1 CRITICALSiemens SENTRON 7KT PAC1260 Data Manager 操作系统命令注入漏洞
CVE-2024-417899.1 CRITICALSiemens SENTRON 7KT PAC1260 Data Manager 操作系统命令注入漏洞
CVE-2024-417889.1 CRITICALSiemens SENTRON 7KT PAC1260 Data Manager 操作系统命令注入漏洞
CVE-2024-417938.6 HIGHSiemens SENTRON 7KT PAC1260 Data Manager 访问控制错误漏洞
CVE-2024-417928.6 HIGHSiemens SENTRON 7KT PAC1260 Data Manager 路径遍历漏洞
CVE-2024-417917.3 HIGHSiemens SENTRON 7KT PAC1260 Data Manager 访问控制错误漏洞
CVE-2025-300006.7 MEDIUMSiemens License Server 信任管理问题漏洞
CVE-2025-299996.7 MEDIUMSiemens License Server 安全漏洞
CVE-2024-417966.5 MEDIUMSiemens SENTRON 7KT PAC1260 Data Manager 安全漏洞
CVE-2024-417956.5 MEDIUMSiemens SENTRON 7KT PAC1260 Data Manager 跨站请求伪造漏洞
CVE-2025-302805.3 MEDIUMSiemens Mendix Runtime 安全漏洞

IV. Related Vulnerabilities

Same vendor: Siemens
Same weakness: CWE-1390

V. Comments for CVE-2024-54092

No comments yet

Leave a comment