CVE-2024-45032

Summary

A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system.

Affected Software

VendorProductVersion RangeStatus
SiemensIndustrial Edge Management Pro0 < V1.9.5affected
SiemensIndustrial Edge Management Virtual0 < V2.3.1-1affected

Weaknesses

  • CWE-639: CWE-639: Authorization Bypass Through User-Controlled Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References