Authorization Bypass Vulnerability in Siemens Industrial Edge Devices

Act Now10SSA-001536Jan 13, 2026

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Siemens Industrial Edge Devices and SIMATIC HMI panels contain an authorization bypass vulnerability (CWE-639) that allows an unauthenticated remote attacker to circumvent authentication mechanisms and impersonate legitimate users. An attacker can access the device management interface without valid credentials, gaining the ability to view and modify system configuration, process parameters, and operational settings. The vulnerability affects a wide range of products including SIMATIC HMI MTP panels (sizes 700 to 2200), Industrial Edge appliances (BX-59A, IPC series variants), Industrial Edge software platforms (IECD, IEOD, IEVD), SCALANCE network switches, SIMATIC IOT2050, and SIMATIC Automation Workstations. Siemens has released fixes for most products but stated that SIMATIC Automation Workstations (both 19" and 24" variants) will not be patched.

What this means

What could happen

An attacker can log in to SIMATIC HMI panels, Industrial Edge devices, and related systems without valid credentials, allowing them to modify process parameters, change setpoints, disable alarms, or halt production operations. The SIMATIC Automation Workstations have no patch available, leaving them permanently vulnerable to this bypass.

Who's at risk

Manufacturing plants using Siemens SIMATIC HMI touch panels (MTP series) for equipment control, facilities with Industrial Edge devices managing production data or running containerized apps, and plants with SCALANCE managed switches in their control network. SIMATIC Automation Workstations used by engineering and commissioning teams are vulnerable with no patch available. Facilities in process industries (water, chemical, food, pharmaceutical) relying on HMI for operator visibility and control are especially at risk.

How it could be exploited

An attacker on the network sends an authentication request to a vulnerable device's web interface or API endpoint. Due to the authorization bypass flaw, the device grants access without validating credentials, allowing the attacker to log in as any user, including operators or administrators. From there, they can change HMI screens, alter PLC setpoints, or access administrative functions.

Prerequisites

Network access to the device's management port or web interface (typically HTTP/HTTPS)
Device running a vulnerable version (specific version ranges vary by product)
The device must have network connectivity enabled (default configuration)

remotely exploitableno authentication requiredlow complexityhigh CVSS score (10.0 critical)no patch available for SIMATIC Automation Workstationsaffects HMI/operator interfaces which control production processes

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (65)

63 with fix2 pending

ProductAffected VersionsFix Status

SIMATIC IPC BX-59A Industrial Edge Device< 3.13.1

Industrial Edge Cloud Device (IECD)< 1.24.21.24.2

Industrial Edge Own Device (IEOD)< 1.24.21.24.2

Industrial Edge Virtual Device (IEVD)< 1.24.21.24.2

SCALANCE LPE9413< 2.22.2

Remediation & Mitigation

0/7

Do now

0/2

HARDENINGFor SIMATIC Automation Workstations (19" and 24", all versions) with no fix available: implement network segmentation to isolate workstations on a separate VLAN with restricted access from untrusted networks

WORKAROUNDFor SIMATIC Automation Workstations: restrict network access to the management interface using firewall rules, allowing connections only from approved engineering stations or jump hosts

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

Industrial Edge Cloud Device (IECD)

HOTFIXUpdate Industrial Edge Cloud Device (IECD), Industrial Edge Own Device (IEOD), and Industrial Edge Virtual Device (IEVD) to version 1.24.2 or later

SCALANCE LPE9413

HOTFIXUpdate SCALANCE LPE9413 and LPE9433 switches to version 2.2 or later

SIMATIC IOT2050

HOTFIXUpdate SIMATIC IOT2050 to version 1.25.1 or later

All products

HOTFIXUpdate SIMATIC IPC Industrial Edge Devices (BX-59A, BX-39A, IPC127E, IPC227E, IPC227G, IPC427E, IPC847E) to firmware version 3.1 or later

HOTFIXUpdate all SIMATIC HMI MTP series panels (MTP700, MTP1000, MTP1200, MTP1500, MTP1900, MTP2200) and SIPLUS variants to version 21 or later

CVEs (1)

CVE-2025-40805

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3feb4ff0-3a44-4f41-add9-9a7297321ee1