Siemens Industrial Edge Management Authentication Bypass (CVE-2026-33892)

Vulnerability Overview Vulnerability Name: SSA-609469: Authorization Bypass Vulnerability in Industrial Edge Management Release Date: 2026-04-14 Current Version: V1.0 CVSS v3.1 Base Score: 7.1 CVSS v4.0 Base Score: 5.1 Vulnerability Description: An authorization bypass vulnerability exists in Industrial Edge Management. Unauthenticated remote attackers can exploit this vulnerability to bypass authentication and access connected industrial edge devices via the remote connection feature. Impact Scope Affected Products: - Industrial Edge Management Pro V1: All versions >= V1.7.0 and = V2.0.0 and = V2.2.0 and < V2.8.0 Remediation Industrial Edge Management Pro V1: Update to V1.15.17 or later - Link: https://ftp.eud.edge.siemens.cloud/ - Additional Recommendations: See partial mitigation measures Industrial Edge Management Pro V2: Update to V2.1.1 or later - Link: https://ftp.eud.edge.siemens.cloud/ - Additional Recommendations: See partial mitigation measures Industrial Edge Management Virtual: Update to V2.8.0 or later - Link: https://ftp.eud.edge.siemens.cloud/ - Additional Recommendations: See partial mitigation measures Mitigation Measures Ensure network access to affected products is restricted to trusted parties only. Product-specific mitigation measures or recommendations can be found in the “Known Affected Products” section. Follow general security recommendations. General Security Recommendations As a general security measure, Siemens strongly recommends implementing appropriate mechanisms to protect network access devices. To operate devices in a protected IT environment, Siemens recommends configuring the environment according to the Industrial Security Operation Guidelines. More information can be found in the product manuals and follow Siemens Industrial Security recommendations. Vulnerability Description Vulnerability CVE-2026-33892: - The affected system does not properly enforce user authentication for remote connections to devices. - This may allow unauthenticated remote attackers to bypass authentication and impersonate legitimate users. - Successful exploitation requires the attacker to identify headers and ports and enable the remote connection feature. - Device’s own security features (such as application-specific authentication) are not affected. Additional Information For more information about security vulnerabilities in Siemens products and services, please contact Siemens ProductCERT. Historical Data V1.0 (2026-04-14): Release date Terms of Use Use of Siemens Security Advisories is subject to the terms and conditions listed.

Goal Reached Thanks to every supporter — we hit 100%!

Siemens Industrial Edge Management Authentication Bypass (CVE-2026-33892)