Siemens Industrial Edge

Act Now9.8ICS-CERT ICSA-21-257-21Sep 14, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Unauthenticated attackers can change the password of any user in Industrial Edge Management, allowing them to impersonate valid users and gain full system access. This affects all versions prior to 1.3. The vulnerability enables attackers to take over administrative accounts without requiring any valid credentials.

What this means

What could happen

An unauthenticated attacker on the network could change any user's password, gaining full access to Industrial Edge Management and potentially controlling connected engineering and manufacturing systems.

Who's at risk

Manufacturing facilities using Siemens Industrial Edge Management for automation and process control. This includes any organization relying on Industrial Edge for edge computing, device management, or manufacturing control system orchestration.

How it could be exploited

An attacker with network access to the Industrial Edge Management interface could send a specially crafted request to reset any user password without authentication. Once a password is changed, the attacker can log in as that user and perform any administrative actions the account allows.

Prerequisites

Network access to Industrial Edge Management port/interface
No valid credentials required

Remotely exploitableNo authentication requiredLow complexityCritical CVSS (9.8)Affects system administration and access control

Exploitability

Low exploit probability (EPSS 0.5%)

Affected products (1)

ProductAffected VersionsFix Status

Industrial Edge Management: All< 1.31.3 or a later version (login required)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate Industrial Edge Management from the business network using a firewall; restrict network access to engineering workstations only

HARDENINGEnsure Industrial Edge Management is not accessible from the Internet; disable or restrict any remote access interfaces

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Industrial Edge Management to version 1.3 or later

HARDENINGIf remote access is required, implement VPN with current security updates as a secure tunnel to the device

CVEs (1)

CVE-2021-37184

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ad60e6bb-575b-496f-88f0-4818197fcc0f