OTPulse

Weak Authentication Vulnerability in Industrial Edge Device Kit

Act Now | CVSS 9.8 | SSA-819629 | Apr 8, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

The Industrial Edge Device Kit contains a weak authentication vulnerability that allows an unauthenticated remote attacker to bypass authentication and impersonate legitimate users. Affected versions include V1.17 through V1.21 on both arm64 and x86-64 architectures. Siemens has released patches for V1.20 (update to 1.20.2-1 or later) and V1.21 (update to 1.21.1-1 or later). Versions V1.17, V1.18, and V1.19 have reached end-of-life and no fixes are available.

What this means
What could happen
An attacker with network access to an Industrial Edge Device can bypass authentication without credentials and assume the identity of legitimate users, gaining full control over edge computing operations and any integrated industrial processes.
Who's at risk
Manufacturing facilities using Siemens Industrial Edge Device Kit should assess which versions are deployed in their production environment. This affects both arm64 and x86-64 architectures. Organizations using older versions (V1.17–V1.19) that cannot receive patches should prioritize network access controls. Facilities using V1.20 or V1.21 should plan immediate patching during the next maintenance window.
How it could be exploited
An attacker sends crafted requests to the Industrial Edge Device over the network to bypass the authentication mechanism. Once authentication is circumvented, the attacker can impersonate a legitimate admin or operator user to execute commands, modify device configurations, or access sensitive data without providing valid credentials.
Prerequisites
  • Network access to the Industrial Edge Device on the management/API port
  • No credentials required
remotely exploitable · no authentication required · low complexity attack · affects edge computing platform controlling industrial processes · older versions have no fix available
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (10)
4 with fix, 6 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| Industrial Edge Device Kit - arm64 V1.17 | All versions | No fix (EOL) |
| Industrial Edge Device Kit - arm64 V1.18 | All versions | No fix (EOL) |
| Industrial Edge Device Kit - x86-64 V1.18 | All versions | No fix (EOL) |
| Industrial Edge Device Kit - arm64 V1.20 | All versions < V1.20.2-1 | 1.20.2-1 |
| Industrial Edge Device Kit - arm64 V1.21 | All versions < V1.21.1-1 | 1.21.1-1 |
| Industrial Edge Device Kit - x86-64 V1.20 | All versions < V1.20.2-1 | 1.20.2-1 |
| Industrial Edge Device Kit - x86-64 V1.21 | All versions < V1.21.1-1 | 1.21.1-1 |
| Industrial Edge Device Kit - arm64 V1.19 | All versions | No fix (EOL) |

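
To sort a device inventory against the affected-versions list above, the following added example (not code from Siemens or OTPulse) classifies installed Industrial Edge Device Kit versions as end-of-life, needing an update, or fixed. It assumes version strings follow the `major.minor.patch-revision` shape of the fix versions quoted in the advisory; the hostnames and installed versions are constructed sample data.

```python
import re

# Fix versions and end-of-life branches as stated in the advisory above.
FIXED = {(1, 20): (1, 20, 2, 1), (1, 21): (1, 21, 1, 1)}
EOL = {(1, 17), (1, 18), (1, 19)}

# Assumed format: optional "V", then major.minor[.patch][-revision].
_VER = re.compile(r"^[Vv]?(\d+)\.(\d+)(?:\.(\d+))?(?:-(\d+))?$")

def parse(version):
    """Parse 'V1.20.2-1' style strings into (major, minor, patch, revision)."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def classify(version):
    """Return the advisory status for one installed version."""
    v = parse(version)
    branch = v[:2]
    if branch in EOL:
        return "eol-no-fix"        # no patch: compensating network controls only
    if branch in FIXED:
        # Numeric tuple comparison, so 1.20.10-1 sorts after 1.20.2-1.
        return "fixed" if v >= FIXED[branch] else "update-required"
    return "not-listed"            # branch not covered by this advisory

def triage(inventory):
    """Group (host, version) pairs by status; unparsable entries go to manual review."""
    report = {}
    for host, version in inventory:
        try:
            status = classify(version)
        except ValueError:
            status = "manual-review"
        report.setdefault(status, []).append(host)
    return report

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [
    ("edge-press-01", "1.17.3-2"), ("edge-weld-02", "1.20.1-4"),
    ("edge-weld-03", "1.20.2-1"), ("edge-pack-04", "V1.21.0-9"),
    ("edge-pack-05", "1.21.1-1"), ("edge-lab-06", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status:16} {', '.join(hosts)}")
```
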
Remediation & Mitigation
Do now
WORKAROUND: For end-of-life versions with no fixes, implement firewall rules to block unauthorized access to the management interface from untrusted networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Industrial Edge Device Kit arm64 V1.20 to version 1.20.2-1 or later
HOTFIX: Update Industrial Edge Device Kit arm64 V1.21 to version 1.21.1-1 or later
HOTFIX: Update Industrial Edge Device Kit x86-64 V1.20 to version 1.20.2-1 or later
HOTFIX: Update Industrial Edge Device Kit x86-64 V1.21 to version 1.21.1-1 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Industrial Edge Device Kit - arm64 V1.17, Industrial Edge Device Kit - arm64 V1.18, Industrial Edge Device Kit - x86-64 V1.18, Industrial Edge Device Kit - arm64 V1.19, Industrial Edge Device Kit - x86-64 V1.17, Industrial Edge Device Kit - x86-64 V1.19. Apply the following compensating controls:
HARDENING: For end-of-life versions (V1.17, V1.18, V1.19) with no available fixes, implement network segmentation to restrict access to Industrial Edge Devices to authorized engineering workstations and control networks only