Siemens Industrial Edge Devices

Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-100-04 | Apr 8, 2025
Siemens | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Siemens Industrial Edge Devices contain a weak authentication vulnerability (CWE-1390) that allows an unauthenticated remote attacker to bypass login verification and impersonate legitimate users. The vulnerability affects Industrial Edge Own Device (IEOD), Industrial Edge Virtual Device, and multiple SIMATIC IPC models (BX-39A, BX-59A, IPC127E, IPC227E, IPC427E, IPC847E). Siemens has released firmware updates for most products. SCALANCE LPE9413 network switches are also affected but no fix is planned. Successful exploitation allows an attacker to access device configuration, view or modify process settings, and potentially alter industrial operations.

What this means
What could happen
An attacker on the network could bypass login credentials on Siemens Industrial Edge devices and impersonate authorized users, gaining access to device configuration, process data, and control functions without entering valid credentials.
Who's at risk
Manufacturing facilities and utilities using Siemens Industrial Edge devices for plant monitoring, data collection, or edge computing should prioritize this update. Affected equipment includes Industrial Edge Own Devices (IEOD), Industrial Edge Virtual Devices running on edge servers, and SIMATIC IPC industrial PCs (models BX-39A, BX-59A, IPC127E, IPC227E, IPC427E, IPC847E) used in production environments. SCALANCE LPE9413 network switches have no patch available.
How it could be exploited
An attacker with network access to a vulnerable Industrial Edge device sends specially crafted authentication requests that exploit weak credential validation. The device accepts the request and grants the attacker the same access and permissions as a legitimate user, allowing command execution or configuration changes.
Prerequisites
  • Network access to the Industrial Edge device (reachable from attacker's network or internet if exposed)
  • Device running vulnerable firmware version (versions before 1.21.1-1-a for IEOD/Virtual Device, before 3.0 for IPC models)
Risk factors
  • Remotely exploitable over network
  • No authentication required
  • Low complexity attack
  • High CVSS severity (9.8)
  • Affects edge computing devices that may be internet-facing
  • No fix available for SCALANCE LPE9413
Exploitability
Unlikely to be exploited — EPSS score 0.5%
Affected products (9)
8 with fix, 1 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| Industrial Edge Own Device (IEOD) | <V1.21.1-1-a | 1.21.1-1-a |
| Industrial Edge Virtual Device | <V1.21.1-1-a | 1.21.1-1-a |
| SIMATIC IPC BX-39A Industrial Edge Device | <V3.0 | 3.0 |
| SIMATIC IPC BX-59A Industrial Edge Device | <V3.0 | 3.0 |
| SIMATIC IPC127E Industrial Edge Device | <V3.0 | 3.0 |
| SIMATIC IPC227E Industrial Edge Device | <V3.0 | 3.0 |
| SIMATIC IPC427E Industrial Edge Device | <V3.0 | 3.0 |
| SCALANCE LPE9413 | All versions | No fix (EOL) |

Remediation & Mitigation
Do now
  • WORKAROUND: Restrict network access to Industrial Edge devices to trusted hosts and networks only using firewall rules or network segmentation
  • HARDENING: Ensure Industrial Edge devices are not directly accessible from the internet; place them behind firewalls and isolate them from business networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Industrial Edge Own Device (IEOD)
  • HOTFIX: Update Industrial Edge Own Device (IEOD) to firmware version 1.21.1-1-a or later
Industrial Edge Virtual Device
  • HOTFIX: Update Industrial Edge Virtual Device to version 1.21.1-1-a or later
All products
  • HOTFIX: Update SIMATIC IPC BX-39A, BX-59A, IPC127E, IPC227E, IPC427E, and IPC847E Industrial Edge Devices to firmware version 3.0 or later
Mitigations - no patch available
SCALANCE LPE9413 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: If remote access to Industrial Edge devices is required, use a VPN concentrator or jump server to mediate access and enforce additional authentication