Authorization Bypass Vulnerability in Industrial Edge Device Kit
Act Now (10) · SSA-014678 · Jan 13, 2026
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Industrial Edge Device Kit contains an authorization bypass vulnerability (CWE-639) that allows an unauthenticated remote attacker to circumvent the authentication mechanism and impersonate a legitimate user. The vulnerability affects all versions of the arm64 and x86-64 variants from V1.5 through V1.23, and no fix is currently available for those versions. Patches exist only for the 1.24 and 1.25 release lines, in versions 1.24.2 and 1.25.1 or later respectively. An attacker exploiting this flaw could gain unauthorized access to device configuration, applications, and data without providing valid credentials.
What this means
What could happen
An attacker can bypass authentication and gain access to the Industrial Edge Device as a legitimate user without credentials, allowing them to modify device configuration, access data streams, or disrupt edge computing operations that support your manufacturing processes.
Who's at risk
Manufacturing facilities using Siemens Industrial Edge Device Kit (both arm64 and x86-64 architectures) for edge computing, data collection, or application hosting. This includes plants using these devices for real-time analytics, machine monitoring, or MES integration at the manufacturing floor level.
How it could be exploited
An attacker remotely sends a crafted request to the Industrial Edge Device that bypasses its authentication check. Once the check is bypassed, the attacker can interact with the device's APIs and applications with the full privileges of a legitimate user, potentially modifying process parameters or stopping edge applications.
Prerequisites
- Network access to the Industrial Edge Device
- Device must be reachable over the network (no valid user credentials required)
- Remotely exploitable
- No authentication required
- Low complexity
- No patch available for versions 1.5-1.23 (majority of deployed versions)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (42)
4 with fix, 38 pending
Product | Affected Versions | Fix Status
Industrial Edge Device Kit - arm64 V1.10 | All versions | No fix yet
Industrial Edge Device Kit - arm64 V1.11 | All versions | No fix yet
Industrial Edge Device Kit - arm64 V1.12 | All versions | No fix yet
Industrial Edge Device Kit - arm64 V1.13 | All versions | No fix yet
Industrial Edge Device Kit - arm64 V1.14 | All versions | No fix yet
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Industrial Edge Device Kit arm64 to version 1.24.2 or later (applies to versions 1.24.x below 1.24.2)
- HOTFIX: Update Industrial Edge Device Kit arm64 to version 1.25.1 or later (applies to versions 1.25.x below 1.25.1)
- HOTFIX: Update Industrial Edge Device Kit x86-64 to version 1.24.2 or later (applies to versions 1.24.x below 1.24.2)
- HOTFIX: Update Industrial Edge Device Kit x86-64 to version 1.25.1 or later (applies to versions 1.25.x below 1.25.1)
Long-term hardening
- HARDENING: For affected versions with no fix available (V1.5 through V1.23), implement network segmentation so that Industrial Edge Devices can be reached only from trusted workstations and engineering systems
- HARDENING: Monitor and log all access attempts to Industrial Edge Devices for suspicious authentication bypass activity
CVEs (1)