CRITICAL🇵🇱 Wersja polska

CVE-2024-45032

CVSS 10.0v4.0pub. 2024-09-10upd. 2026-04-15

A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system.

🤖 AI Analysis
How it works

Vulnerable system components do not perform proper validation of tokens assigned to devices (CWE-639 — improper access control based on identifiers). An attacker can exploit this flaw to use another device's token and authenticate to the system as that device. The attack requires no authentication, user interaction, or special network conditions — only network access to the system is needed.

Impact

An attacker can impersonate any device registered in the Industrial Edge Management system, which may lead to unauthorized access to data, manipulation of industrial device configuration, and compromise of the integrity of the edge environment.

Mitigation & patch

Update Siemens Industrial Edge Management Pro to version V1.9.5 or later and Industrial Edge Management Virtual to version V2.3.1-1 or later. Detailed information is available in the Siemens security bulletin SSA-359713 at: https://cert-portal.siemens.com/productcert/html/ssa-359713.html

Who is affected

Siemens Industrial Edge Management Pro (all versions < V1.9.5) and Siemens Industrial Edge Management Virtual (all versions < V2.3.1-1).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References