Siemens Industrial Edge Management
Monitor · CVSS 4.7 · ICS-CERT ICSA-25-016-02 · Jan 14, 2025
Siemens · Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: Required
Summary
Industrial Edge Management (IEM-OS) is affected by a reflected cross-site scripting (XSS) vulnerability in the web management interface. An attacker could inject malicious code into the web interface by tricking users into accessing a specially crafted link. This could allow the attacker to steal sensitive information such as credentials or session tokens from logged-in users. Siemens has not released a patch and recommends network access controls and deployment in a protected IT environment following Siemens industrial security guidelines.
What this means
What could happen
An attacker could trick a user into clicking a crafted link that injects code into the Industrial Edge Management interface, potentially allowing the attacker to steal session tokens, credentials, or sensitive configuration data from the device.
Who's at risk
Operators and IT administrators managing Siemens Industrial Edge devices across manufacturing facilities, particularly those who use the web-based Industrial Edge Management interface for device configuration, monitoring, and troubleshooting.
How it could be exploited
An attacker crafts a link containing malicious JavaScript and sends it to an operator or administrator (via email, chat, or posted on a web page). When a user who is logged into Industrial Edge Management clicks the link, the malicious code runs in their browser with their permissions, stealing authentication tokens or extracting sensitive data from the management interface.
Prerequisites
- User must be logged into Industrial Edge Management
- User must click an attacker-controlled link while the management interface is open
- The attacker's link must reference the IEM-OS web interface
remotely exploitable · user interaction required · requires social engineering · no vendor patch available
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Industrial Edge Management OS (IEM-OS) | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the Industrial Edge Management web interface to trusted networks only (engineering workstations and administrative subnets); use firewall rules to block access from untrusted sources
- WORKAROUND: Educate operators and administrators to avoid clicking links from untrusted sources that reference Industrial Edge Management URLs
Mitigations - no patch available
Industrial Edge Management OS (IEM-OS) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Implement network segmentation to isolate Industrial Edge Management devices on a restricted administrative network separate from general IT and operational networks
- HARDENING: Review and apply Siemens operational security guidelines for Industrial Security to harden the Industrial Edge Management deployment environment
CVEs (1)