CVE-2021-37184

Summary

A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system.

Affected Software

VendorProductVersion RangeStatus
SiemensIndustrial Edge ManagementAll versions < V1.3affected

Weaknesses

  • CWE-639: CWE-639: Authorization Bypass Through User-Controlled Key

ADP Enrichment

CVE Program Container

Additional References

References