Siemens Industrial Edge Device Kit
Act Now
CVSS: 10
ICS-CERT ICSA-26-015-09
Jan 13, 2026
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Industrial Edge Device Kit contains an authorization bypass vulnerability that allows unauthenticated remote attackers to circumvent authentication and impersonate legitimate users. Firmware versions V1.5 through V1.23 are affected and have no fix available. V1.24 and V1.25 are affected in versions before 1.24.2 and 1.25.1 respectively.
What this means
What could happen
An unauthenticated attacker who can reach the Industrial Edge Device from the network could bypass login controls and access the device as a legitimate user, potentially allowing them to deploy malicious applications, modify process monitoring settings, or disrupt connectivity to connected PLCs and sensors.
Who's at risk
Manufacturing facilities using Siemens Industrial Edge Device Kit for real-time monitoring and analytics at the edge of the network. This affects both ARM64 and x86-64 versions from V1.5 through V1.25, with only the newest minor versions (1.24.2+ and 1.25.1+) patched.
How it could be exploited
An attacker on the same network (or with network routing to the device) sends a specially crafted request to the Industrial Edge Device that bypasses the authentication check, allowing them to access the device management interface without valid credentials and impersonate an authorized user.
Prerequisites
- Network access to the Industrial Edge Device
- No credentials required
- remotely exploitable
- no authentication required
- low complexity
- most versions have no patch available
- high CVSS score (10.0)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (42)
4 with fix, 38 pending

| Product | Affected Versions | Fix Status |
|---|---|---|
| Industrial Edge Device Kit - arm64 V1.10 | All versions | No fix yet |
| Industrial Edge Device Kit - arm64 V1.11 | All versions | No fix yet |
| Industrial Edge Device Kit - arm64 V1.12 | All versions | No fix yet |
| Industrial Edge Device Kit - arm64 V1.13 | All versions | No fix yet |
| Industrial Edge Device Kit - arm64 V1.14 | All versions | No fix yet |
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to Industrial Edge Devices to trusted administrative networks and workstations only using firewall rules or network segmentation
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
- HOTFIX: Update Industrial Edge Device Kit arm64 V1.24 to version 1.24.2 or later
- HOTFIX: Update Industrial Edge Device Kit x86-64 V1.24 to version 1.24.2 or later
- HOTFIX: Update Industrial Edge Device Kit arm64 V1.25 to version 1.25.1 or later
- HOTFIX: Update Industrial Edge Device Kit x86-64 V1.25 to version 1.25.1 or later
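To apply the version thresholds above to an asset inventory, the following added example (not part of the advisory and not Siemens code) sorts devices into "no fix, isolate", "update", and "patched". The inventory format and host names are constructed, a missing patch component is assumed to be 0, and versions outside the ranges named in the advisory are reported as not listed rather than guessed.

```python
import re

# Thresholds as stated in the advisory text above.
NO_FIX_MINORS = range(5, 24)                      # V1.5 through V1.23: no fix available
FIXED = {(1, 24): (1, 24, 2), (1, 25): (1, 25, 1)}

def parse_version(text):
    """Parse 'V1.24.1' or '1.9' into an int tuple, so 1.9 sorts below 1.23
    (a plain string comparison would get that wrong)."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    # Assumption: a missing patch component counts as 0 (the conservative choice).
    return tuple(int(part or 0) for part in m.groups())

def classify(version_text):
    major, minor, patch = parse_version(version_text)
    if major == 1 and minor in NO_FIX_MINORS:
        return "no-fix: restrict network access"
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "not listed in advisory: verify with vendor"
    if (major, minor, patch) < fixed:
        return "update to " + ".".join(map(str, fixed)) + " or later"
    return "patched"

def triage(inventory_text):
    """Return (host, arch, version, status) for each 'host arch version' line."""
    rows = []
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, arch, version = line.split()
        try:
            status = classify(version)
        except ValueError:
            status = "unknown version format: check manually"
        rows.append((host, arch, version, status))
    return rows

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE_INVENTORY = """
# host          arch    version
edge-press-01   arm64   1.9.4
edge-press-02   x86-64  1.23.0
edge-weld-01    arm64   1.24.1
edge-weld-02    x86-64  1.24.2
edge-pack-01    arm64   V1.25.0
edge-lab-01     arm64   1.26.0
"""

if __name__ == "__main__":
    for host, arch, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:<15}{arch:<8}{version:<9}{status}")
```

Devices in the "no-fix" group are the ones the network restriction under "Do now" has to cover until a fixed version exists for them.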
CVEs (1)