CISA 2026-04-21

Siemens Industrial Edge Management

CVE-2026-33892

Machine-generated analysis · WAYSCloud LLM

The advisory notes that exploitation requires the remote connection feature to be enabled on a device and knowledge of the specific header and port used for connections. This may indicate that disabling the feature entirely could serve as an interim mitigation.

Context

Siemens Industrial Edge Management is a platform for managing industrial edge devices. The advisory describes an authentication bypass vulnerability that allows unauthenticated remote attackers to access connected devices via the remote connection feature. The source explicitly states that this affects systems in critical manufacturing and is deployed worldwide.

Operator considerations

Check: Inventory all Industrial Edge Management systems for affected versions (V1 <1.15.17, V2 <2.1.1, Virtual <2.8.0)
Isolate: Limit network access to affected products to trusted parties only
Patch: Update to V1.15.17, V2.1.1, or Virtual 2.8.0 or later
Log: Monitor for unauthorized access attempts on remote connection ports

From Cybersecurity and Infrastructure Security Agency ↗

Industrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent authentication and to access connected Industrial Edge Devices through the remote connection feature. Siemens has released new versions for the affected products and recommends to update to the latest versions.

The following versions of Siemens Industrial Edge Management are affected:

Industrial Edge Management Pro V1 vers:intdot/>=1.7.6|=2.0.0|=2.2.0|

Read the full advisory on CISA →