Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Industrial Edge Management Pro V2 by Siemens
CVE-2026-33892 (GCVE-0-2026-33892)
Vulnerability from nvd – Published: 2026-04-14 08:40 – Updated: 2026-04-14 13:46
VLAI
Summary
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do not properly enforce user authentication on remote connections to devices.
This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.
Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device.
Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Industrial Edge Management Pro V1 |
Affected:
V1.7.6 , < V1.15.17
(custom)
|
|
| Siemens | Industrial Edge Management Pro V2 |
Affected:
V2.0.0 , < V2.1.1
(custom)
|
|
| Siemens | Industrial Edge Management Virtual |
Affected:
V2.2.0 , < V2.8.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T13:46:06.348573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T13:46:34.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Industrial Edge Management Pro V1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.15.17",
"status": "affected",
"version": "V1.7.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Industrial Edge Management Pro V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.1.1",
"status": "affected",
"version": "V2.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Industrial Edge Management Virtual",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.8.0",
"status": "affected",
"version": "V2.2.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions \u003e= V1.7.6 \u003c V1.15.17), Industrial Edge Management Pro V2 (All versions \u003e= V2.0.0 \u003c V2.1.1), Industrial Edge Management Virtual (All versions \u003e= V2.2.0 \u003c V2.8.0). Affected management systems do not properly enforce user authentication on remote connections to devices.\r\nThis could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.\r\nSuccessful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device.\r\n\r\nExploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T08:40:46.807Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-609469.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-33892",
"datePublished": "2026-04-14T08:40:46.807Z",
"dateReserved": "2026-03-24T15:32:19.390Z",
"dateUpdated": "2026-04-14T13:46:34.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33892 (GCVE-0-2026-33892)
Vulnerability from cvelistv5 – Published: 2026-04-14 08:40 – Updated: 2026-04-14 13:46
VLAI
Summary
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do not properly enforce user authentication on remote connections to devices.
This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.
Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device.
Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Industrial Edge Management Pro V1 |
Affected:
V1.7.6 , < V1.15.17
(custom)
|
|
| Siemens | Industrial Edge Management Pro V2 |
Affected:
V2.0.0 , < V2.1.1
(custom)
|
|
| Siemens | Industrial Edge Management Virtual |
Affected:
V2.2.0 , < V2.8.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T13:46:06.348573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T13:46:34.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Industrial Edge Management Pro V1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.15.17",
"status": "affected",
"version": "V1.7.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Industrial Edge Management Pro V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.1.1",
"status": "affected",
"version": "V2.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Industrial Edge Management Virtual",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.8.0",
"status": "affected",
"version": "V2.2.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions \u003e= V1.7.6 \u003c V1.15.17), Industrial Edge Management Pro V2 (All versions \u003e= V2.0.0 \u003c V2.1.1), Industrial Edge Management Virtual (All versions \u003e= V2.2.0 \u003c V2.8.0). Affected management systems do not properly enforce user authentication on remote connections to devices.\r\nThis could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.\r\nSuccessful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device.\r\n\r\nExploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T08:40:46.807Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-609469.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-33892",
"datePublished": "2026-04-14T08:40:46.807Z",
"dateReserved": "2026-03-24T15:32:19.390Z",
"dateUpdated": "2026-04-14T13:46:34.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}