SSA-014678
Vulnerability from csaf_siemens - Published: 2026-01-13 00:00 - Updated: 2026-01-13 00:00Summary
SSA-014678: Authorization Bypass Vulnerability in Industrial Edge Device Kit
Notes
Summary
Users of Industrial Edge Devices are advised to consult the respective Security Advisories for their devices (for Siemens Industrial Edge devices see Additional Information).
Industrial Edge Device Kit contains an authorization bypass vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Users of Industrial Edge Devices are advised to consult the respective Security Advisories for their devices (for Siemens Industrial Edge devices see Additional Information).\n\nIndustrial Edge Device Kit contains an authorization bypass vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-014678: Authorization Bypass Vulnerability in Industrial Edge Device Kit - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-014678.html"
},
{
"category": "self",
"summary": "SSA-014678: Authorization Bypass Vulnerability in Industrial Edge Device Kit - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-014678.json"
}
],
"title": "SSA-014678: Authorization Bypass Vulnerability in Industrial Edge Device Kit",
"tracking": {
"current_release_date": "2026-01-13T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-014678",
"initial_release_date": "2026-01-13T00:00:00Z",
"revision_history": [
{
"date": "2026-01-13T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.10",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.10"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.11",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.11"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.12",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.12"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.13",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.13"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.14",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.14"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.15",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.15"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.16",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.16"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.17",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.18",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.19",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.20",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.21",
"product_id": "12"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.21"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.22",
"product_id": "13"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.22"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.23",
"product_id": "14"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.23"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c1.24.2",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.24",
"product_id": "15"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.24"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c1.25.1",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.25",
"product_id": "16"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.25"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.5",
"product_id": "17"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.6",
"product_id": "18"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.7",
"product_id": "19"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.8",
"product_id": "20"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - arm64 V1.9",
"product_id": "21"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.9"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.10",
"product_id": "22"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.10"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.11",
"product_id": "23"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.11"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.12",
"product_id": "24"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.12"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.13",
"product_id": "25"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.13"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.14",
"product_id": "26"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.14"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.15",
"product_id": "27"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.15"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.16",
"product_id": "28"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.16"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.17",
"product_id": "29"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.18",
"product_id": "30"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.19",
"product_id": "31"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.20",
"product_id": "32"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.21",
"product_id": "33"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.21"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.22",
"product_id": "34"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.22"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.23",
"product_id": "35"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.23"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c1.24.2",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.24",
"product_id": "36"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.24"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c1.25.1",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.25",
"product_id": "37"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.25"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.5",
"product_id": "38"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.6",
"product_id": "39"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.7",
"product_id": "40"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.8",
"product_id": "41"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Industrial Edge Device Kit - x86-64 V1.9",
"product_id": "42"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.9"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-40805",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34",
"35",
"36",
"37",
"38",
"39",
"40",
"41",
"42"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Ensure network access to affected products is limited to trusted parties only",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34",
"35",
"36",
"37",
"38",
"39",
"40",
"41",
"42"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34",
"35",
"38",
"39",
"40",
"41",
"42"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.24.2 or later version",
"product_ids": [
"15",
"36"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.25.1 or later version",
"product_ids": [
"16",
"37"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34",
"35",
"36",
"37",
"38",
"39",
"40",
"41",
"42"
]
}
],
"title": "CVE-2025-40805"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…