SSA-359713: Authorization Bypass Vulnerability in Industrial Edge Management

Key Information from the Webpage Screenshot:

1. Vulnerability Description:
   - Title: SSA-359713: Authorization Bypass Vulnerability in Industrial Edge Management
   - Publication Date: 2024-09-10
   - Last Update: 2024-09-10
   - Current Version: V1.0
   - CVSS v3.1 Base Score: 10.0
   - CVSS v4.0 Base Score: 10.0

2. Summary:
   - Industrial Edge Management contains an Authorization Bypass vulnerability that could allow an unauthenticated remote attacker to impersonate other devices on-boarded to the system.

3. Affected Products and Solution:
   - Affected Product and Versions:
     - Industrial Edge Management Pro: All versions < V1.9.5 affected by CVE-2024-45032
     - Industrial Edge Management Virtual: All versions < V2.3.1-1 affected by CVE-2024-45032
   - Remediation:
     - Update to V1.9.5 or later version: https://iehub.eu1.edge.siemens.cloud/
     - Update to V2.3.1-1 or later version: https://iehub.eu1.edge.siemens.cloud/

4. Workarounds and Mitigations:
   - Product-specific remediations or mitigations can be found in the section "Affected Products and Solution."

5. General Security Recommendations:
   - Siemens recommends protecting network access to devices with appropriate mechanisms.
   - Configure the environment according to Siemens' operational guidelines for Industrial Security.
   - Follow the recommendations in the product manuals.
   - Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

6. Product Description:
   - This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory.

7. Vulnerability Description:
   - Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker to impersonate other devices on-boarded to the system.

8. Additional Information:
   - For further inquiries on security vulnerabilities in Siemens products and solutions, please contact Siemens ProductCERT: https://www.siemens.com/cert/advisories

9. History Data:
   - V1.0 (2024-09-10): Publication Date

10. Terms of Use:
    - Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.