Siemens Industrial Edge

Plan PatchCVSS 9.8ICS-CERT ICSA-21-257-21Sep 14, 2021

SiemensManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Unauthenticated attackers can change the password of any user in Industrial Edge Management, allowing them to impersonate valid users and gain full system access. This affects all versions prior to 1.3. The vulnerability enables attackers to take over administrative accounts without requiring any valid credentials.

What this means

What could happen

An unauthenticated attacker on the network could change any user's password, gaining full access to Industrial Edge Management and potentially controlling connected engineering and manufacturing systems.

Who's at risk

Manufacturing facilities using Siemens Industrial Edge Management for automation and process control. This includes any organization relying on Industrial Edge for edge computing, device management, or manufacturing control system orchestration.

How it could be exploited

An attacker with network access to the Industrial Edge Management interface could send a specially crafted request to reset any user password without authentication. Once a password is changed, the attacker can log in as that user and perform any administrative actions the account allows.

Prerequisites

Network access to Industrial Edge Management port/interface
No valid credentials required

Remotely exploitableNo authentication requiredLow complexityCritical CVSS (9.8)Affects system administration and access control

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Industrial Edge Management< V1.31.3

Industrial Edge Management: All< 1.31.3 or a later version (login required)

Remediation & Mitigation

0/4

Do now

0/2

Industrial Edge Management

HARDENINGIsolate Industrial Edge Management from the business network using a firewall; restrict network access to engineering workstations only

HARDENINGEnsure Industrial Edge Management is not accessible from the Internet; disable or restrict any remote access interfaces

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Industrial Edge Management

HOTFIXUpdate Industrial Edge Management to version 1.3 or later

All products

HARDENINGIf remote access is required, implement VPN with current security updates as a secure tunnel to the device

CVEs (1)

CVE-2021-37184

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ad60e6bb-575b-496f-88f0-4818197fcc0f

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.