Authorization Bypass Vulnerability in Industrial Edge Management
Plan Patch · CVSS 7.1 · SSA-609469 · Apr 14, 2026
Siemens · Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Industrial Edge Management contains an authorization bypass vulnerability in the remote connection feature. An unauthenticated remote attacker could bypass authentication to access connected Industrial Edge Devices. Affected versions: Pro V1 (≥1.7.6, <1.15.17), Pro V2 (≥2.0.0, <2.1.1), Virtual (≥2.2.0, <2.8.0). Siemens has released patched versions for all three product lines.
What this means
What could happen
An attacker without valid credentials could bypass authentication and gain remote access to your Industrial Edge Devices through the management system, potentially allowing them to view, modify, or disrupt edge computing operations and connected industrial processes.
Who's at risk
Manufacturing facilities using Siemens Industrial Edge Management (Pro V1, Pro V2, or Virtual variants) to manage distributed edge devices. This includes any operation that relies on edge computing for real-time process monitoring, local analytics, or device management across multiple edge nodes.
How it could be exploited
An attacker on the network sends a crafted request to Industrial Edge Management that exploits the authorization bypass to skip authentication checks. Once the authentication bypass succeeds, the attacker can use the remote connection feature to access any Industrial Edge Device managed by the system, including devices running critical process logic or data collection.
Prerequisites
- Network access to Industrial Edge Management system (port and protocol unspecified in advisory)
- User interaction with a malicious link or request (UI:R per CVSS)
- Industrial Edge Devices connected to the vulnerable management system
remotely exploitable · no authentication required · low complexity · affects distributed edge computing infrastructure
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (3)
3 with fix
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Industrial Edge Management to trusted administrative workstations and networks only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Industrial Edge Management Pro V1
HOTFIX: Update Industrial Edge Management Pro V1 to version 1.15.17 or later
Industrial Edge Management Pro V2
HOTFIX: Update Industrial Edge Management Pro V2 to version 2.1.1 or later
Industrial Edge Management Virtual
HOTFIX: Update Industrial Edge Management Virtual to version 2.8.0 or later
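To plan the patch window, the affected ranges in the summary can be checked against an asset inventory. The following is an added example, not code from Siemens or from this advisory page; the hostnames, the product labels used as dictionary keys and the version-string format are assumptions, and the inventory is constructed.

```python
import re

# Affected ranges from the advisory summary, as (first affected, first fixed).
AFFECTED = {
    "Pro V1": ((1, 7, 6), (1, 15, 17)),
    "Pro V2": ((2, 0, 0), (2, 1, 1)),
    "Virtual": ((2, 2, 0), (2, 8, 0)),
}

def parse_version(text):
    """Turn 'V1.15.17' or '2.8' into an integer tuple so 1.15.17 sorts above 1.7.6."""
    m = re.match(r"\s*[vV]?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def assess(product, version):
    """Return 'affected', 'fixed', 'below-range' or 'unknown' for one installation."""
    if product not in AFFECTED:
        return "unknown"
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"  # cannot be ruled out; verify by hand
    first_affected, first_fixed = AFFECTED[product]
    if v < first_affected:
        return "below-range"  # older than the range the advisory lists
    return "affected" if v < first_fixed else "fixed"

def triage(inventory):
    """Attach a status to every (host, product, version) row."""
    return [(h, p, v, assess(p, v)) for h, p, v in inventory]

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("iem-plant-a", "Pro V1", "1.9.4"),     # a string compare would wrongly clear this
    ("iem-plant-b", "Pro V1", "V1.15.17"),
    ("iem-lab", "Pro V2", "2.1.0"),
    ("iem-dc", "Virtual", "2.10.0"),        # a string compare would wrongly flag this
    ("iem-legacy", "Pro V1", "1.7.5"),
    ("iem-unlabelled", "Virtual", "n/a"),
]

if __name__ == "__main__":
    for host, product, version, status in triage(INVENTORY):
        print(f"{host:16} {product:8} {version:10} {status}")
```

Rows reported as `unknown` should be treated as affected until the installed version is confirmed.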
CVEs (1)