Siemens Industrial Edge Management

Act Now10ICS-CERT ICSA-24-256-11Sep 10, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Industrial Edge Management contains an authorization bypass vulnerability that allows an unauthenticated remote attacker to impersonate other devices onboarded to the system. This affects Industrial Edge Management Pro (versions before 1.9.5) and Industrial Edge Management Virtual (versions before 2.3.1-1). An attacker could use device impersonation to interact with connected industrial equipment, potentially altering process configurations or commands without legitimate authorization. Siemens has released patched versions that address this issue.

What this means

What could happen

An unauthenticated attacker with network access could impersonate any device already onboarded to your Industrial Edge Management system, potentially redirecting or controlling connected industrial devices and operations.

Who's at risk

Manufacturing facilities using Siemens Industrial Edge Management to orchestrate edge computing devices, PLCs, and industrial controllers. This affects any organization that has deployed Industrial Edge Management Pro or Virtual as a central management point for distributed industrial devices.

How it could be exploited

An attacker on the network sends unauthenticated requests to the Industrial Edge Management service to forge device identity or credentials. Once impersonating a trusted device, the attacker can interact with other onboarded devices, alter configurations, or trigger commands on connected PLCs and edge computing hardware without legitimate authorization.

Prerequisites

Network access to the Industrial Edge Management service (port and interface depend on deployment)
No authentication credentials required to initiate the attack
One or more legitimate devices must already be onboarded to the management system

remotely exploitableno authentication requiredlow complexityaffects device coordination and control

Exploitability

Moderate exploit probability (EPSS 1.8%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Industrial Edge Management Pro< V1.9.51.9.5

Industrial Edge Management Virtual<V2.3.1-12.3.1-1

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDConfigure network firewalls to restrict access to the Industrial Edge Management service; limit connectivity to only authorized management workstations and devices

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Industrial Edge Management Pro

HOTFIXUpdate Industrial Edge Management Pro to version 1.9.5 or later

Industrial Edge Management Virtual

HOTFIXUpdate Industrial Edge Management Virtual to version 2.3.1-1 or later

Long-term hardening

0/2

HARDENINGIsolate the Industrial Edge Management system and all connected edge devices from your business network using a DMZ or separate VLAN

HARDENINGIf remote management is required, implement a VPN with strong authentication and access controls

CVEs (1)

CVE-2024-45032

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/64d23238-944c-4242-9be7-cb1ec43f26a1