Siemens Industrial Edge Management
Monitor | CVSS 7.5 | ICS-CERT ICSA-25-254-06 | Sep 9, 2025
Siemens | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Industrial Edge Management OS (IEM-OS) is affected by a vulnerability that allows a remote unauthenticated attacker to cause a denial of service condition through excessive resource consumption or service disruption. All versions are affected. The vulnerability is classified as CWE-770 (Allocation of Resources Without Limits or Throttling). Siemens has not planned a fix for this product.
What this means
What could happen
An attacker with network access to Industrial Edge Management can trigger a denial of service condition, disrupting edge computing operations that support real-time plant monitoring and process control.
Who's at risk
Manufacturing facilities using Siemens Industrial Edge Management (IEM-OS) for edge computing and real-time data processing in production environments. This includes OT operators and engineers who depend on edge services for process monitoring and control network operations.
How it could be exploited
An unauthenticated attacker sends a malicious network request to the Industrial Edge Management service to trigger excessive resource consumption or a service crash. No special credentials or local access are required.
Prerequisites
- Network access to Industrial Edge Management service port
- No authentication required
Tags: remotely exploitable, no authentication required, low complexity, no patch available, affects process availability
Exploitability
Some exploitation risk — EPSS score 1.3%
Public Proof-of-Concept (PoC) on GitHub (1 repository)
Affected products (1)
Product | Affected Versions | Fix Status
Industrial Edge Management OS (IEM-OS) | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Industrial Edge Management to only authorized engineering workstations and control network segments using firewall rules
Mitigations - no patch available
Industrial Edge Management OS (IEM-OS) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate Industrial Edge Management on a protected control network, separate from untrusted IT networks
HARDENING: Monitor Industrial Edge Management service availability and resource utilization for signs of denial of service attacks
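One way to back the access restriction and the monitoring control with a check on connection records, as an added example that is not part of the advisory or any Siemens tooling. The record format, the allowlisted subnet, the window and the threshold are assumptions to tune per site, and the sample data is constructed.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumptions (not from the advisory): the authorized engineering subnet,
# the sliding window and the per-source connection threshold.
AUTHORIZED = [ip_network("192.0.2.0/28")]  # constructed documentation range
WINDOW_S = 10
MAX_CONN_PER_WINDOW = 20


def is_authorized(src):
    """True if src falls inside an allowlisted engineering subnet."""
    addr = ip_address(src)
    return any(addr in net for net in AUTHORIZED)


def analyze(events):
    """events: (epoch_seconds, src_ip) per new connection to the IEM
    service, sorted by time. Returns a list of (time, src, reason) alerts,
    one per source and reason."""
    recent = defaultdict(deque)  # src -> timestamps inside the window
    alerted = set()
    alerts = []
    for ts, src in events:
        # Any traffic from outside the allowlist means the firewall
        # restriction is missing or bypassed.
        if not is_authorized(src) and (src, "unauthorized") not in alerted:
            alerted.add((src, "unauthorized"))
            alerts.append((ts, src, "unauthorized"))
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] >= WINDOW_S:
            q.popleft()
        # A burst from one source is a sign of resource exhaustion attempts.
        if len(q) > MAX_CONN_PER_WINDOW and (src, "rate") not in alerted:
            alerted.add((src, "rate"))
            alerts.append((ts, src, "rate"))
    return alerts


# Constructed sample: one workstation polling every 5 s, and one source
# outside the allowlist opening 10 connections per second for 3 s.
SAMPLE = sorted(
    [(1000 + i * 5, "192.0.2.5") for i in range(6)]
    + [(1012 + i // 10, "198.51.100.77") for i in range(30)]
)

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```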
CVEs (1)