Siemens Industrial Edge Device Kit
Plan Patch | CVSS 10 | ICS-CERT ICSA-26-015-09 | Jan 13, 2026
Siemens | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Industrial Edge Device Kit contains an authorization bypass vulnerability (CWE-639) that could allow an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Versions V1.5 through V1.23 and most production versions have no patch available. Only V1.24 and V1.25 have updates released: V1.24.2 and V1.25.1 respectively.
What this means
What could happen
An attacker could bypass authentication and impersonate a legitimate user on the Industrial Edge Device, potentially gaining unauthorized control over edge computing functions that process data from plant sensors and control devices. This could allow manipulation of production logic or disruption of edge-based automation.
Who's at risk
Manufacturers using Siemens Industrial Edge Device Kit (all versions from V1.5 through V1.25) as edge computing devices that connect plant sensors, gateways, and control logic to cloud or data analytics systems. This affects any deployment using Industrial Edge Devices for real-time data processing, local control, or as a bridge between on-premises equipment and industrial IoT platforms.
How it could be exploited
An unauthenticated attacker with network access to the Industrial Edge Device can send a specially crafted request to exploit the authorization bypass vulnerability, allowing them to bypass the authentication mechanism and gain access to the device as a legitimate user without providing valid credentials.
Prerequisites
- Network access to the Industrial Edge Device management interface or API
- No valid user credentials required
remotely exploitable; no authentication required; low complexity; no patch available for most versions; affects industrial control edge computing
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (42)
4 with fix, 38 pending
Product | Affected Versions | Fix Status
Industrial Edge Device Kit - arm64 V1.10 | All versions | No fix yet
Industrial Edge Device Kit - arm64 V1.11 | All versions | No fix yet
Industrial Edge Device Kit - arm64 V1.12 | All versions | No fix yet
Industrial Edge Device Kit - arm64 V1.13 | All versions | No fix yet
Industrial Edge Device Kit - arm64 V1.14 | All versions | No fix yet
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Industrial Edge Devices to trusted sources only through firewall rules or network segmentation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Industrial Edge Device Kit arm64 V1.24 to version 1.24.2 or later
HOTFIX: Update Industrial Edge Device Kit x86-64 V1.24 to version 1.24.2 or later
HOTFIX: Update Industrial Edge Device Kit arm64 V1.25 to version 1.25.1 or later
HOTFIX: Update Industrial Edge Device Kit x86-64 V1.25 to version 1.25.1 or later
CVEs (1)
API: /api/v1/advisories/4deaa1a5-5fd0-4f83-a3ea-007fb57e76b2